LinuxQuestions.org

DNS, firewall dilemma? (https://www.linuxquestions.org/questions/linux-networking-3/dns-firewall-dilemma-595/)

apessos 01-14-2001 11:45 PM

Hello,

I am hoping someone can help me understand what is going on in my /var/log/messages file.

Included down below is an excerpt of the messages file. To me, it seems my firewall is denying access to the root servers as they are trying to connect. I could be wrong about this but checking the IP addresses with dig reveals them to be authoritative.

I have been reading the DNS, Firewall How-Tos for the past couple of hours, days and while I am learning rather fast, I think I might be missing something.

If someone would be willing to explain what is going on and possibly suggest a way to resolve the error, I would appreciate it. I am anxious and willing to learn and the best way is by asking questions and learning through experience. Or so at least I think.

Any help would greatly be appreciated. And if any more information is needed, let me know.
-Greg

P.S. I am running RedHat 6.2 with kernel 2.2.17, in case that information is necessary.

Jan 14 15:44:38 192 kernel: Packet log: input DENY eth1 PROTO=17 128.9.0.107:53 my_ip_address:1032 L=481 S=0x00 I=18351 F=0x4000 T=239 (#20)
Jan 14 15:44:50 192 kernel: Packet log: input DENY eth1 PROTO=17 192.36.148.17:53 my_ip_address:1032 L=481 S=0x00 I=18907 F=0x0000 T=43 (#20)
Jan 14 15:44:58 192 kernel: Packet log: input DENY eth1 PROTO=17 202.12.27.33:53 my_ip_address:1032 L=481 S=0x00 I=53140 F=0x0000 T=47 (#20)
Jan 14 15:45:02 192 kernel: Packet log: input DENY eth1 PROTO=17 192.33.4.12:53 my_ip_address:1032 L=481 S=0x00 I=62989 F=0x4000 T=243 (#20)
Jan 14 15:45:06 192 kernel: Packet log: input DENY eth1 PROTO=17 193.0.14.129:53 my_ip_address:1032 L=481 S=0x00 I=8806 F=0x0000 T=56 (#20)
Jan 14 15:45:10 192 kernel: Packet log: input DENY eth1 PROTO=17 128.8.10.90:53 my_ip_address:1032 L=481 S=0x00 I=25328 F=0x0000 T=50 (#20)
Jan 14 15:45:14 192 kernel: Packet log: input DENY eth1 PROTO=17 198.41.0.4:53 my_ip_address:1032 L=214 S=0x00 I=16657 F=0x0000 T=50 (#20)
Jan 14 15:45:34 192 kernel: Packet log: input DENY eth1 PROTO=17 128.63.2.53:53 my_ip_address:1032 L=481 S=0x00 I=7479 F=0x4000 T=244 (#20)
Jan 14 15:45:42 192 kernel: Packet log: input DENY eth1 PROTO=17 192.5.5.241:53 my_ip_address:1032 L=478 S=0x00 I=39001 F=0x4000 T=49 (#20)
Jan 14 15:45:50 192 kernel: Packet log: input DENY eth1 PROTO=17 192.203.230.10:53 my_ip_address:1032 L=478 S=0x00 I=19548 F=0x4000 T=22 (#20)

mjakob 02-06-2001 06:02 PM

They certainly are root servers. Without being able to see your ipchains script, I'm guessing that you are running a fairly strong ruleset. In other words, denying everything by default and allowing only what you want in. So, somewhere you need lines like:

/sbin/ipchains -A input -p tcp -i eth0 -s 0.0.0.0/0 -d your.ip.address/32 53 -j ACCEPT

/sbin/ipchains -A input -p udp -i eth0 -s 0.0.0.0/0 -d your.ip.address/32 53 -j ACCEPT

These need to be before you deny everything else.

Mark
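
Added example, not part of either post: a small parser for the ipchains "Packet log" lines quoted in the question, which reports which side of each denied packet uses port 53 and prints an accept rule of the matching shape. The function names are hypothetical, `your.ip.address` is the placeholder used in the reply above, and the 1024:65535 port range is an assumption about the resolver's source ports.

```python
import re
from collections import Counter

# Three of the log lines from the question above (destination is the poster's placeholder).
SAMPLE_LOG = """\
Jan 14 15:44:38 192 kernel: Packet log: input DENY eth1 PROTO=17 128.9.0.107:53 my_ip_address:1032 L=481 S=0x00 I=18351 F=0x4000 T=239 (#20)
Jan 14 15:45:14 192 kernel: Packet log: input DENY eth1 PROTO=17 198.41.0.4:53 my_ip_address:1032 L=214 S=0x00 I=16657 F=0x0000 T=50 (#20)
Jan 14 15:45:50 192 kernel: Packet log: input DENY eth1 PROTO=17 192.203.230.10:53 my_ip_address:1032 L=478 S=0x00 I=19548 F=0x4000 T=22 (#20)
"""

# Layout: chain, target, interface, PROTO=n, src:port, dst:port, ..., (#rule number)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {6: "tcp", 17: "udp"}

def parse(log_text):
    """Return one dict per ipchains 'Packet log' line; other lines are skipped."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("proto", "sport", "dport", "rule"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records

def classify(rec):
    """Label a packet by which side of it uses port 53."""
    if rec["sport"] == 53 and rec["dport"] >= 1024:
        return "dns-reply"   # answer to a query this host sent out
    if rec["dport"] == 53:
        return "dns-query"   # a query addressed to a DNS server on this host
    return "other"

def reply_rules(records):
    """Accept rules for denied DNS replies, one per (interface, protocol) seen."""
    seen = {(r["iface"], PROTO_NAMES[r["proto"]]) for r in records
            if r["target"] == "DENY" and r["proto"] in PROTO_NAMES
            and classify(r) == "dns-reply"}
    # ipchains is stateless: this admits any packet with source port 53, so
    # replace 0.0.0.0/0 with the upstream servers' addresses where known.
    return [f"/sbin/ipchains -A input -i {iface} -p {proto} -s 0.0.0.0/0 53 "
            f"-d your.ip.address/32 1024:65535 -j ACCEPT" for iface, proto in sorted(seen)]

if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print(Counter(classify(r) for r in recs))
    print("\n".join(reply_rules(recs)))
```

As with the rules in the reply above, the printed rule has to sit before the rule that denies everything else (rule #20 in these log lines).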


All times are GMT -5.