LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 09-01-2003, 12:00 PM   #1
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
ALLOW host name lookup through iptables ?


Hi, I've set up a few simple rules through iptables.

But I've allowed connections to smtp.ntlworld.com through port 25.

BUT, if I try to telnet to smtp.ntlworld.com it does not allow it; however, it does if I type the IP address of smtp.ntlworld.com.

What rule could I add to allow host name lookup through the OUTPUT chain????

thanX
 
Old 09-01-2003, 12:21 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
You shouldn't ever have to specifically allow hostname lookups. Your system will automatically put an entry into iptables that will allow communication with your nameservers. If you CAN connect via the IP address, then it sounds like you have misconfigured the IP addresses of your DNS servers. Check /etc/resolve.conf and make sure that your system has proper entries for the nameservers. Alternatively, you might have a DHCP problem.

Last edited by Capt_Caveman; 09-01-2003 at 12:22 PM.
 
Old 09-01-2003, 12:33 PM   #3
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
My system has no trouble using the DNS servers when iptables is set to ACCEPT policy for OUTPUT,

so I assume that is set up correctly.

I even did a whois on NTL.com (my ISP);
it gave me the addresses of its DNS servers, and I added them to my OUTPUT chain; still no success.

There are entries in iptables -L that I didn't put there myself.

"Check /etc/resolve.conf and make sure that your system has proper entries for the nameservers. Alternatively, you might have a dhcp problem."

Sorry, this means nothing to me.

But like I said, if my DNS stuff works fine when iptables is down, surely it's iptables not allowing the connection???

Thanks for the reply
 
Old 09-01-2003, 12:38 PM   #4
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
Ahhhh

whois.ntl.com gives this info:

Domain servers in listed order:

DNS1.NTLI.NET 62.253.162.237
DNS2.NTLI.NET 194.168.4.237

but my /etc/resolve.conf shows

nameserver 194.168.4.100
nameserver 194.168.8.100

They do not match.

I will attempt changing them to match.
 
Old 09-01-2003, 12:48 PM   #5
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
SOLVED the problem by adding the nameservers in /etc/resolv.conf to the OUTPUT chain with -j ACCEPT.

thanX
 
Old 09-01-2003, 11:36 PM   #6
Robert0380
Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
Shouldn't have to do that, especially if your default policy on OUTPUT is ACCEPT... but whatever works, I guess.
 
Old 09-02-2003, 07:44 AM   #7
qwijibow
Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
I only changed the policy to ACCEPT for testing; it's normally on DROP.

I found my default iptables settings (that the Red Hat installer wrote);
it added rules for allowing incoming packets from my DNS server.

But I have my INPUT set to only allow RELATED and (what's the other) packets to come in, then I added the rule to OUTPUT.

(Anyway, I've now found out I have to set my OUTPUT rules much more open to allow passive FTP.)

Ah well.
 
Old 08-02-2006, 02:07 PM   #8
hypermegachi
Member
 
Registered: Sep 2003
Posts: 49

Rep: Reputation: 15
Nothing like reviving a 3-year-old thread :P

Needless to say, I'm having the same problem, but adding the OUTPUT rule doesn't fix it for me.

My Linux box is connected up to a Windows 2003 server, which is the DNS server. When I have iptables off, I can ping my Linux box using the hostname (in my case it is ubuntu).

The 2003 server is located at 192.168.100.1, which is in my resolv.conf.

Here's what iptables -L displays:

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 192.168.100.0/24 anywhere
ACCEPT all -- 192.168.101.0/24 anywhere

I can ping using the IP address no problem, but when iptables is on and I try to ping using the hostname, it doesn't work.

Does anyone have any ideas? Thanks.
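The fix in post #5 (accept traffic to every nameserver from resolv.conf in OUTPUT) and the situation in post #8 (OUTPUT policy ACCEPT, yet name resolution still fails) are two halves of the same problem: a DNS query has to leave the box and its reply has to get back in. The shell script below is an added example, not code from anyone in this thread. It prints the OUTPUT rules for each nameserver found in resolv.conf-style text plus the stateful INPUT rule that admits the replies, and it classifies an iptables-save style ruleset as open for DNS, blocking only the replies, or blocking the queries. It never runs iptables; the resolv.conf content, the ruleset modelled on post #8 (whose INPUT chain the post does not show), and the function names `dns_rules_from_resolv`, `dns_path_check`, `count_output_rules` and `check_generated_rules` are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): derive the iptables rules that let a
# host with INPUT/OUTPUT policy DROP still resolve names, and sanity-check a
# ruleset for a DNS round trip. Nothing here executes iptables; rules are
# printed for review. All sample data below is constructed.

# Constructed resolv.conf content; the addresses are the ones quoted in the
# thread and stand in for whatever the real resolver file holds.
RESOLV_CONF='# generated by dhcp, constructed sample
nameserver 194.168.4.100
nameserver 194.168.8.100
search example.invalid'

# Print iptables commands permitting DNS queries (UDP and TCP port 53) to
# every nameserver in resolv.conf-style text read from stdin, followed by
# the single stateful INPUT rule that lets the replies back in.
dns_rules_from_resolv() {
    awk '
        $1 == "nameserver" {
            printf "iptables -A OUTPUT -p udp -d %s --dport 53 -j ACCEPT\n", $2
            printf "iptables -A OUTPUT -p tcp -d %s --dport 53 -j ACCEPT\n", $2
        }
        END {
            # Without this, an INPUT policy of DROP silently eats the answers
            # even though the queries leave the box.
            print "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
        }'
}

# Classify an iptables-save style ruleset read from stdin: "dns-path-open"
# if queries can leave and replies can return, "dns-replies-blocked" if only
# the outbound half exists, "dns-queries-blocked" otherwise. Only policy
# lines, port-53 OUTPUT accepts and stateful INPUT accepts are recognised;
# other match expressions are deliberately not interpreted.
dns_path_check() {
    awk '
        /^:INPUT ACCEPT/  { in_ok = 1 }
        /^:OUTPUT ACCEPT/ { out_ok = 1 }
        /^-A INPUT / && /--state [A-Z,]*ESTABLISHED/ && /-j ACCEPT/ { in_ok = 1 }
        /^-A OUTPUT / && /--dport 53/ && /-j ACCEPT/ { out_ok = 1 }
        END {
            if (in_ok && out_ok) print "dns-path-open"
            else if (out_ok)     print "dns-replies-blocked"
            else                 print "dns-queries-blocked"
        }'
}

# Constructed ruleset modelled on post #8: OUTPUT policy ACCEPT with subnet
# rules, plus an INPUT chain that drops everything. The INPUT chain is an
# assumption; the post never shows it.
RULESET_POST8=':INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -s 192.168.100.0/24 -j ACCEPT
-A OUTPUT -s 192.168.101.0/24 -j ACCEPT'

# Number of per-nameserver OUTPUT rules generated for the sample resolv.conf.
count_output_rules() {
    printf '%s\n' "$RESOLV_CONF" | dns_rules_from_resolv | grep -c '^iptables -A OUTPUT'
}

# Feed the generated rules (minus the "iptables " prefix they are already
# iptables-save lines) into the checker on top of DROP policies.
check_generated_rules() {
    {
        printf ':INPUT DROP [0:0]\n:OUTPUT DROP [0:0]\n'
        printf '%s\n' "$RESOLV_CONF" | dns_rules_from_resolv | sed 's/^iptables //'
    } | dns_path_check
}

printf '%s\n' "$RESOLV_CONF" | dns_rules_from_resolv
printf '%s\n' "$RULESET_POST8" | dns_path_check
check_generated_rules
```

Run it as-is to see the generated rules and the two verdicts; to apply the rules on a real host, pipe the real resolver file into `dns_rules_from_resolv` and review the output before executing it as root. The checker reports "dns-replies-blocked" for the post #8 model, which is exactly the case an OUTPUT-only fix cannot address: the INPUT chain needs the ESTABLISHED,RELATED rule (or an explicit accept for UDP/TCP source port 53 from the nameserver) before hostname pings will work with iptables up.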
 
  

