iptables - not broadcasting for dns queries
Greetings:
I currently have a RH9 box set up as a firewall and DNS server. Using iptables for firewalling and Bind 9 for name resolution, I have my internal dns working great. I can resolve my www(dot)xxx(dot)net and ftp(dot)xxx(dot)net fine from internal machines and server so I believe my dns is set up correctly. My problem stems from the outside network (internet) being able to resolve to my dns server. Here is how my iptables look...

[root@ginkgo /]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  localhost.localdomain  anywhere           udp spt:domain dpts:1025:65535
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  hi-rez.ns.algx.net   anywhere             udp spt:domain
ACCEPT     udp  --  ns2.algx.net         anywhere             udp spt:domain
REJECT     tcp  --  anywhere             anywhere             tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp reject-with icmp-port-unreachable
[root@ginkgo /]#

Is there a reference in my iptables that is blocking DNS resolution? Any help or urls for support would be appreciated. Thanks |
Can you provide the output of

#iptables -nvL

DNS queries are UDP |
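As an added example (not code from either poster), the script below walks an `iptables -nvL`-style listing in rule order and reports which rule a given packet hits. The listing is constructed from the RH-Lokkit-0-50-INPUT chain in the first post; because `iptables --list` without `-v` hides the in/out interface columns, the two bare "ACCEPT all" rules are assumed here to be bound to `lo` and an internal interface `eth1`, and the two upstream nameservers get placeholder addresses, so those details are assumptions and exactly what the `-nvL` output would confirm or refute. Run over the posted chain, it shows that a TCP query to port 53 is accepted by the `dpt:domain` rule, while a UDP query to port 53 from the internet matches nothing but the trailing `REJECT udp` rule; the `spt:domain` rules only admit replies from the two listed nameservers.

```python
"""Evaluate an iptables -nvL chain listing rule by rule for a few sample packets."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in `iptables -nvL` form, modelled on the chain in the post.
# ASSUMPTIONS (not in the post): the bare "ACCEPT all" rules are bound to lo/eth1,
# and the upstream nameservers are 192.0.2.10 and 192.0.2.11 (placeholders).
CHAIN_LISTING = """\
Chain RH-Lokkit-0-50-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       127.0.0.1            0.0.0.0/0            udp spt:53 dpts:1025:65535
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 flags:0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 flags:0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 flags:0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 flags:0x16/0x02
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 flags:0x16/0x02
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      *       192.0.2.10           0.0.0.0/0            udp spt:53
    0     0 ACCEPT     udp  --  *      *       192.0.2.11           0.0.0.0/0            udp spt:53
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x16/0x02 reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp reject-with icmp-port-unreachable
"""

PortRange = Optional[Tuple[int, int]]


@dataclass
class Rule:
    target: str
    proto: str      # "all", "tcp" or "udp"
    in_if: str      # "*" or an interface name
    src: str        # "0.0.0.0/0" or a single address (no CIDR maths needed here)
    dport: PortRange
    sport: PortRange
    text: str       # original line, for reporting


def _port_range(spec: str) -> Tuple[int, int]:
    """'53' -> (53, 53); '1025:65535' -> (1025, 65535)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)


def parse_chain(listing: str) -> List[Rule]:
    """Parse the rule lines of one `iptables -nvL` chain; header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0].isdigit():
            continue  # "Chain ..." and the column header
        dport = sport = None
        for tok in f[9:]:  # match extensions after the destination column
            if tok.startswith(("dpt:", "dpts:")):
                dport = _port_range(tok.split(":", 1)[1])
            elif tok.startswith(("spt:", "spts:")):
                sport = _port_range(tok.split(":", 1)[1])
        rules.append(Rule(f[2], f[3], f[5], f[7], dport, sport, line.strip()))
    return rules


def first_match(rules: List[Rule], proto: str, in_if: str, src: str,
                dport: int, sport: int) -> Optional[Rule]:
    """First rule matching a new-connection packet, or None if the chain falls through.
    Only protocol, input interface, source and ports are modelled; the SYN-flag
    matches on the TCP rules are treated as satisfied (a fresh connection attempt)."""
    for r in rules:
        if r.proto not in ("all", proto):
            continue
        if r.in_if not in ("*", in_if):
            continue
        if r.src not in ("0.0.0.0/0", src):
            continue
        if r.dport and not (r.dport[0] <= dport <= r.dport[1]):
            continue
        if r.sport and not (r.sport[0] <= sport <= r.sport[1]):
            continue
        return r
    return None


def verdict(rules: List[Rule], **pkt) -> str:
    r = first_match(rules, **pkt)
    return r.target if r else "fall through to chain policy"


RULES = parse_chain(CHAIN_LISTING)

# Sample packets (constructed). 203.0.113.5 is an internet resolver, eth0 the
# assumed outside interface, 192.168.1.20 an assumed internal client.
EXTERNAL_UDP_QUERY = dict(proto="udp", in_if="eth0", src="203.0.113.5", dport=53, sport=40000)
EXTERNAL_TCP_QUERY = dict(proto="tcp", in_if="eth0", src="203.0.113.5", dport=53, sport=40000)
INTERNAL_UDP_QUERY = dict(proto="udp", in_if="eth1", src="192.168.1.20", dport=53, sport=40000)
UPSTREAM_REPLY = dict(proto="udp", in_if="eth0", src="192.0.2.10", dport=40000, sport=53)


def fixed_rules() -> List[Rule]:
    """The same chain with one 'ACCEPT udp dpt:53' rule inserted ahead of the
    catch-all REJECTs, i.e. the effect of
    `iptables -I RH-Lokkit-0-50-INPUT <n> -p udp --dport 53 -j ACCEPT`."""
    rules = list(RULES)
    first_reject = next(i for i, r in enumerate(rules) if r.target == "REJECT")
    rules.insert(first_reject, Rule("ACCEPT", "udp", "*", "0.0.0.0/0", (53, 53), None,
                                    "ACCEPT udp dpt:53 (inserted)"))
    return rules


if __name__ == "__main__":
    for name, pkt in [("external UDP query", EXTERNAL_UDP_QUERY),
                      ("external TCP query", EXTERNAL_TCP_QUERY),
                      ("internal UDP query", INTERNAL_UDP_QUERY),
                      ("upstream UDP reply", UPSTREAM_REPLY)]:
        r = first_match(RULES, **pkt)
        print(f"{name:20s} -> {verdict(RULES, **pkt):7s} via: {r.text if r else '-'}")
    print("external UDP query after inserting the UDP dpt:53 rule ->",
          verdict(fixed_rules(), **EXTERNAL_UDP_QUERY))
```

The order matters: the inserted ACCEPT has to sit above the `REJECT udp` line, which is why `-I` with a position (or `-A` on a chain that has no catch-all at the end) is the right tool, and why checking the real `-nvL` output first, with its interface columns and packet counters, tells you which of the existing rules the rejected queries are actually reaching.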