iptables - not broadcasting for dns queries
Greetings:
I currently have a RH9 box set up as a firewall and DNS server. Using iptables for firewalling and Bind 9 for name resolution, I have my internal DNS working great. I can resolve my www(dot)xxx(dot)net and ftp(dot)xxx(dot)net fine from internal machines and the server, so I believe my DNS is set up correctly. My problem stems from the outside network (internet) not being able to resolve against my DNS server. Here is how my iptables look...
[root@ginkgo /]# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- localhost.localdomain anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT udp -- hi-rez.ns.algx.net anywhere udp spt:domain
ACCEPT udp -- ns2.algx.net anywhere udp spt:domain
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
[root@ginkgo /]#
Is there a rule in my iptables that is blocking DNS resolution? Any help or URLs for support would be appreciated.
Thanks
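The listing above can be traced by hand, but iptables chains are first-match, so it helps to model the RH-Lokkit-0-50-INPUT chain as data and ask what happens to a specific packet. The following is an added example, not code from the post: it re-creates the listed rules in Python and evaluates three constructed packets against them. Two assumptions are made: the two bare "ACCEPT all" rules are treated as interface matches on lo and an internal interface named eth1 (plain `iptables --list` hides `-i`; `iptables -L -v -n` would show the real interfaces), and the external interface is called eth0. The sample source address 203.0.113.10 and the ports are constructed values.

```python
"""
First-match model of the RH-Lokkit-0-50-INPUT chain from the post.
Added example, not the poster's code: the listed rules are re-created as
Python data so the chain's decision for a given packet can be traced.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    iface: str           # interface the packet arrived on
    proto: str           # "udp" or "tcp"
    src: str             # source host, as iptables would print it
    sport: int
    dport: int
    syn: bool = False    # TCP only: a new-connection SYN (flags:SYN,RST,ACK/SYN)


@dataclass
class Rule:
    target: str                              # ACCEPT or REJECT
    proto: Optional[str] = None              # None = all protocols
    iface: Optional[str] = None              # None = any interface
    src: Optional[str] = None                # None = anywhere
    sport: Optional[Tuple[int, int]] = None  # inclusive source-port range
    dport: Optional[Tuple[int, int]] = None  # inclusive destination-port range
    syn_only: bool = False                   # match only TCP SYN packets

    def matches(self, p: Packet) -> bool:
        if self.proto and p.proto != self.proto:
            return False
        if self.iface and p.iface != self.iface:
            return False
        if self.src and p.src != self.src:
            return False
        if self.sport and not (self.sport[0] <= p.sport <= self.sport[1]):
            return False
        if self.dport and not (self.dport[0] <= p.dport <= self.dport[1]):
            return False
        if self.syn_only and not (p.proto == "tcp" and p.syn):
            return False
        return True


def evaluate(chain: List[Rule], p: Packet, policy: str = "ACCEPT") -> str:
    """iptables semantics: the first matching rule decides; otherwise the chain policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


DOMAIN = (53, 53)

# The listed chain, in order. The two bare "ACCEPT all" rules are ASSUMED to be
# interface matches on lo and the internal interface ("eth1" is a constructed name).
ORIGINAL_CHAIN = [
    Rule("ACCEPT", "udp", src="localhost.localdomain", sport=DOMAIN, dport=(1025, 65535)),
    Rule("ACCEPT", "tcp", dport=(25, 25), syn_only=True),   # smtp
    Rule("ACCEPT", "tcp", dport=(80, 80), syn_only=True),   # http
    Rule("ACCEPT", "tcp", dport=(21, 21), syn_only=True),   # ftp
    Rule("ACCEPT", "tcp", dport=(22, 22), syn_only=True),   # ssh
    Rule("ACCEPT", "tcp", dport=DOMAIN, syn_only=True),     # domain over TCP only
    Rule("ACCEPT", iface="lo"),
    Rule("ACCEPT", iface="eth1"),
    Rule("ACCEPT", "udp", src="hi-rez.ns.algx.net", sport=DOMAIN),
    Rule("ACCEPT", "udp", src="ns2.algx.net", sport=DOMAIN),
    Rule("REJECT", "tcp", syn_only=True),
    Rule("REJECT", "udp"),
]

# Candidate fix: accept UDP queries to port 53 ahead of the two catch-all REJECTs.
# Equivalent command (rule 11 becomes the new rule, the REJECTs move to 12 and 13):
#   iptables -I RH-Lokkit-0-50-INPUT 11 -p udp --dport 53 -j ACCEPT
FIXED_CHAIN = ORIGINAL_CHAIN[:-2] + [Rule("ACCEPT", "udp", dport=DOMAIN)] + ORIGINAL_CHAIN[-2:]


def external_udp_query() -> Packet:
    """Constructed sample: a resolver on the internet querying this server over UDP."""
    return Packet("eth0", "udp", "203.0.113.10", 33000, 53)


def external_tcp_query() -> Packet:
    """Constructed sample: the same query over TCP."""
    return Packet("eth0", "tcp", "203.0.113.10", 33001, 53, syn=True)


def upstream_reply() -> Packet:
    """Constructed sample: a reply from one of the two listed upstream servers."""
    return Packet("eth0", "udp", "ns2.algx.net", 53, 40000)


if __name__ == "__main__":
    samples = [("external UDP query", external_udp_query()),
               ("external TCP query", external_tcp_query()),
               ("upstream reply", upstream_reply())]
    for name, pkt in samples:
        print(f"{name:20s} original={evaluate(ORIGINAL_CHAIN, pkt):6s} "
              f"fixed={evaluate(FIXED_CHAIN, pkt)}")
```

Run stand-alone, the script shows that an external query over UDP matches nothing in the listed chain until the final "REJECT udp" rule, while the same query over TCP is accepted by the "dpt:domain" SYN rule, and replies from the two named upstream servers are accepted by their source-port rules. Ordinary resolvers send their first query over UDP, which is the behaviour the post describes. Before opening UDP 53 to the internet, confirm in named.conf that recursion is limited to internal clients so the box answers only for its own zones from outside.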