LinuxQuestions.org
Old 02-06-2014, 06:22 AM   #1
johnmaxwell
LQ Newbie
 
Registered: Feb 2014
Posts: 20

Rep: Reputation: Disabled
iptables DNS resolve issue


I have copied some iptables rules from the following link:
http://www.sns.ias.edu/~jns/files/iptables_ruleset

# flush all rules, delete user-defined chains, zero the counters
iptables -F
iptables -X
iptables -Z

# default-deny in all three built-in chains
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# loopback is always allowed
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# replies coming back from the resolver at 192.168.1.14 (source port 53),
# only for conversations this host already started
iptables -A INPUT -i eth0 -p udp -s 192.168.1.14 --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.1.14 --sport 53 -m state --state ESTABLISHED -j ACCEPT

# queries from this host to the resolver at 192.168.1.14 (destination port 53)
iptables -A OUTPUT -o eth0 -p udp -d 192.168.1.14 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -d 192.168.1.14 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

# persist and reload with the RHEL/CentOS-style init script
service iptables save
service iptables restart
service iptables status

With the above-mentioned rules my DNS server does not work.
DNS server IP: 192.168.1.14
 
Old 02-06-2014, 07:15 AM   #2
myatthu
Member
 
Registered: Jan 2014
Distribution: CentOS, Fedora, Ubuntu
Posts: 108

Rep: Reputation: 18
I presume 192.168.1.14 is the server IP too.
In that case, you need to adjust the INPUT rule from --sport to --dport.

You should allow destination port 53, not source.
 
Old 02-07-2014, 12:02 PM   #3
johnmaxwell
LQ Newbie
 
Registered: Feb 2014
Posts: 20

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by myatthu View Post
I presume 192.168.1.14 is the server IP too.
In that case, you need to adjust the INPUT rule from --sport to --dport.

You should allow destination port 53, not source.
Can you please write the command?

Thanks
 
Old 02-07-2014, 12:18 PM   #4
myatthu
Member
 
Registered: Jan 2014
Distribution: CentOS, Fedora, Ubuntu
Posts: 108

Rep: Reputation: 18
Code:
# inbound UDP: accept packets from source port 53 (replies) or to destination port 53 (queries);
# there is no state match, so these match any UDP packet carrying that port
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
# outbound UDP: the same two cases in the other direction
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 
Old 02-10-2014, 06:17 AM   #5
johnmaxwell
LQ Newbie
 
Registered: Feb 2014
Posts: 20

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by myatthu View Post
Code:
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
It works nicely.

Thanks
 
Old 02-10-2014, 10:13 AM   #6
myatthu
Member
 
Registered: Jan 2014
Distribution: CentOS, Fedora, Ubuntu
Posts: 108

Rep: Reputation: 18
Glad to hear that, but you might want to add TCP rules also, since things like zone transfers or a "query all" command will use TCP.
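Added example, not code from the thread: a ruleset for the case the replies above assume, namely that 192.168.1.14 is the host running iptables and it is the DNS server. Inbound queries arrive with destination port 53 and are NEW connections, so that is what INPUT must accept, for both UDP and TCP (zone transfers and large responses fall back to TCP, as post #6 says). The ruleset is emitted in iptables-restore format so it can be reviewed before it is applied, and it keeps a state match on every rule. The stateless `--sport 53 -j ACCEPT` rules from post #4 are a known firewall bypass: any remote host can reach any local UDP port simply by sending from source port 53, so the block also includes a small audit function that flags such rules in a ruleset read from stdin. The interface name `eth0` and the upstream forwarder `192.168.1.1` are assumptions; drop the OUTPUT forwarder rules if the server is authoritative-only and never recurses.

```shell
#!/bin/sh
# Added example (not from the LinuxQuestions thread). Ruleset for a host
# that IS the DNS server at 192.168.1.14. eth0 and 192.168.1.1 are assumed.

DNS_IP="192.168.1.14"   # this host's address, from the thread
IFACE="eth0"            # assumed interface
UPSTREAM="192.168.1.1"  # assumed upstream forwarder (omit if authoritative-only)

# Emit the ruleset in iptables-restore format (lines starting with '#' are
# ignored by iptables-restore). -m conntrack --ctstate is the current
# spelling of the thread's -m state --state; both exist.
dns_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# traffic belonging to conversations already accepted, in both directions;
# this also covers the replies this server sends to its clients
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# inbound DNS queries to this server: destination port 53, NEW (UDP and TCP)
-A INPUT -i $IFACE -p udp -d $DNS_IP --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $IFACE -p tcp -d $DNS_IP --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# outbound queries from this server to its forwarder (recursion)
-A OUTPUT -o $IFACE -p udp -d $UPSTREAM --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $IFACE -p tcp -d $UPSTREAM --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read iptables rules on stdin and print those that ACCEPT inbound traffic
# on the strength of a source port alone, with no state/conntrack match.
# Such a rule (e.g. the post #4 '-A INPUT -p udp --sport 53 -j ACCEPT') lets
# any remote host reach any local port by sending from that source port.
audit_sport_accepts() {
    grep -E -- '-A INPUT .*--sport [0-9]+' \
      | grep -E -- '-j ACCEPT' \
      | grep -E -v -- '--state|--ctstate' || true
}

# usage: ./dns-rules.sh print | apply | audit < rules.txt
case "${1:-}" in
    print) dns_ruleset ;;
    apply) dns_ruleset | iptables-restore ;;
    audit) audit_sport_accepts ;;
esac
```

Run `./dns-rules.sh print` to review the ruleset, then `./dns-rules.sh apply` as root to load it atomically; on CentOS/RHEL, `service iptables save` afterwards persists it as in the original post. Verify from a client with `dig @192.168.1.14 example.com` and again with `dig +tcp @192.168.1.14 example.com` to confirm the TCP path works. To check an existing ruleset for the stateless source-port pattern, run `iptables-save | ./dns-rules.sh audit`; any line it prints should be replaced with a destination-port rule plus the ESTABLISHED,RELATED rule shown above.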
 
All times are GMT -5.