LinuxQuestions.org - Allow DNS lookups through ipchains?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Allow DNS lookups through ipchains? (https://www.linuxquestions.org/questions/linux-security-4/allow-dns-lookups-through-ipchains-27526/)

ifm	08-08-2002 08:23 PM

Allow DNS lookups through ipchains?

I have a firewall on a DNS machine, using ipchains on RH7.3

Now, what I would like to do, is open up the IN ports that query the dns server for zone records (you know, the whole point of a dns machine being the authority of a zone file).

Whats the port? I dug through /etc/services to see if any looked like the right one, or gave some clue ... but that didnt yiled any help.

Thanks for any insights.

liquidfx

08-08-2002 09:27 PM

that port is 53

ifm	08-08-2002 10:12 PM

Thank you. It was the UDP port of 53 that appeared to be the cause of grief.

Thanks for pointing me in the right direction.

liquidfx

08-09-2002 12:34 AM

it's odd that wasn't in your /etc/services file.......maybe ya just missed it? either way.......your welcome

ifm	08-09-2002 08:17 AM

Well, ya see, it WAS...

But ipchains already had entries for the domain port... so I thought it wasnt that port that queries were being done against.

Turns out ipchains had some odd setting for the domain port, so I just simply added two calls of:

ipchains -I input 4 -p tcp --dport domain -j ACCEPT -y
ipchains -I input 5 -p udp --dport domain -j ACCEPT

And now it works. Before it was doing a --sport domain with --dport of a range of port numbers.

All times are GMT -5. The time now is 08:26 AM.