LinuxQuestions.org
Old 08-08-2002, 09:23 PM   #1
ifm
Member
 
Registered: Jun 2002
Location: USA
Distribution: RH7.3 & YDL2.1
Posts: 124

Rep: Reputation: 15
Allow DNS lookups through ipchains?


I have a firewall on a DNS machine, using ipchains on RH7.3

Now, what I would like to do, is open up the IN ports that query the dns server for zone records (you know, the whole point of a dns machine being the authority of a zone file).

What's the port? I dug through /etc/services to see if any looked like the right one, or gave some clue ... but that didn't yield any help.

Thanks for any insights.
 
Old 08-08-2002, 10:27 PM   #2
liquidfx
LQ Newbie
 
Registered: Aug 2002
Location: California, USA
Distribution: Mandrake 8.1, Slackware 8.1
Posts: 14

Rep: Reputation: 0
that port is 53
 
Old 08-08-2002, 11:12 PM   #3
ifm
Member
 
Registered: Jun 2002
Location: USA
Distribution: RH7.3 & YDL2.1
Posts: 124

Original Poster
Rep: Reputation: 15
Thank you. It was the UDP port of 53 that appeared to be the cause of grief.

Thanks for pointing me in the right direction.
 
Old 08-09-2002, 01:34 AM   #4
liquidfx
LQ Newbie
 
Registered: Aug 2002
Location: California, USA
Distribution: Mandrake 8.1, Slackware 8.1
Posts: 14

Rep: Reputation: 0
it's odd that wasn't in your /etc/services file.......maybe ya just missed it? either way.......you're welcome
 
Old 08-09-2002, 09:17 AM   #5
ifm
Member
 
Registered: Jun 2002
Location: USA
Distribution: RH7.3 & YDL2.1
Posts: 124

Original Poster
Rep: Reputation: 15
Well, ya see, it WAS...

But ipchains already had entries for the domain port... so I thought it wasn't that port that queries were being done against.

Turns out ipchains had some odd setting for the domain port, so I just simply added two calls of:

ipchains -I input 4 -p tcp --dport domain -j ACCEPT -y
ipchains -I input 5 -p udp --dport domain -j ACCEPT

And now it works. Before it was doing a --sport domain with --dport of a range of port numbers.
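
The difference between the rule that was already on the domain port and the two rules added above, shown as a toy first-match filter in Python (an added example, not part of the thread and not ipchains itself). The high-port range 1025:65535, the DENY policy and the sample packets are assumptions made for the illustration.

```python
# Toy first-match packet filter used to reason about rule direction.
# It models the idea only; it is not ipchains. All values are constructed.
from dataclasses import dataclass

ANY = range(0, 65536)
DNS = range(53, 54)        # "domain" in /etc/services
HIGH = range(1025, 65536)  # assumed; the post only says "a range of port numbers"

@dataclass
class Rule:
    proto: str
    target: str
    sport: range = ANY
    dport: range = ANY
    syn_only: bool = False  # models -y: match only connection-opening segments

    def matches(self, pkt):
        return (pkt["proto"] == self.proto and pkt["sport"] in self.sport
                and pkt["dport"] in self.dport
                and (not self.syn_only or pkt.get("syn", False)))

def verdict(chain, pkt, policy="DENY"):  # policy is an assumption
    """Return the target of the first matching rule, else the chain policy."""
    return next((r.target for r in chain if r.matches(pkt)), policy)

# Before: traffic is accepted *from* port 53 to high ports, which covers
# answers to lookups this host sent out, not queries arriving at its server.
before = [Rule("udp", "ACCEPT", sport=DNS, dport=HIGH),
          Rule("tcp", "ACCEPT", sport=DNS, dport=HIGH)]
# After: the two rules from the post, ahead of the old ones, accept *to* 53.
after = [Rule("tcp", "ACCEPT", dport=DNS, syn_only=True),
         Rule("udp", "ACCEPT", dport=DNS)] + before

PACKETS = {  # constructed sample packets
    "udp query to server": {"proto": "udp", "sport": 40000, "dport": 53},
    "tcp open to server": {"proto": "tcp", "sport": 40001, "dport": 53, "syn": True},
    "tcp later segment": {"proto": "tcp", "sport": 40001, "dport": 53, "syn": False},
    "reply to own lookup": {"proto": "udp", "sport": 53, "dport": 40002},
}

def report(chain):
    return {name: verdict(chain, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name in PACKETS:
        print(f"{name:22} before={report(before)[name]:7} after={report(after)[name]}")
```

The "tcp later segment" row is not matched by the -y rule, so it is decided by whatever follows it: here the assumed DENY policy, on the real host the rules and policy that the thread does not show.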
 
  

