LinuxQuestions.org

Linux - Networking: Problems with iptables and DNS/named Zone settings (https://www.linuxquestions.org/questions/linux-networking-3/problems-with-iptables-and-dns-named-zone-settings-246599/)

majiclab 10-24-2004 02:08 AM

Problems with iptables and DNS/named Zone settings
 
Hello,

I wouldn't consider myself a Linux noob (I've done lots of LAMP setups, especially compiling packages for the LAMP servers); however, I am definitely new to Linux networking setups.

I have a dev linux server (CentOS 3.3, iptables 1.2.8, bind 9.2.4rc6, static IP 192.168.1.50) and a workstation (Windows XP, DHCP, 192.168.1.100) behind a Linksys router.

I am trying to secure my server fairly well (I found some suspicious SSH entries in the logs) by denying certain ports like 22, but allowing them unconditionally for my workstation (.100) and certain external IPs (production servers in data centres).

After a bit of hacking I believe I have found the problem, but am stumped on a solution. I am using gShield 2.8 to configure IP Tables. It has successfully blocked IP 1.2.3.4 from SSH (and I assume all others) and has allowed IP 1.2.3.5, as configured with ./conf/client_hosts in gShield.

However, I also have 192.168.1.100 in ./conf/client_hosts, and my hacking found that the likely cause of the problem is that in ./gShield.rc, certain commands are sent as `host $ip_address`, which returns invalid results. This may not be the cause, but here's hoping.

Running host 192.168.1.100 returns:

Code:

Host 100.1.168.192.in-addr.arpa not found: 3(NXDOMAIN)

Here is the significant portion of my /etc/named.conf:

Code:

zone "dev.domain.com" {
    type master;
    file "dev.domain.com.zone";
    allow-transfer {
        192.168.1.50;
        192.168.1.1;
        192.168.1.100;
    };
};


and the subsequent dev.domain.com.zone file:

Code:

$TTL 1d

@ 7d IN SOA localhost.dev.domain.com. admin.dev.domain.com. (
    2004102401 ; serial
    28800      ; refresh
    14400      ; retry
    3600000    ; expiry
    86400 )    ; minimum

@ 7d IN NS localhost.dev.domain.com.
@ 1d IN MX 10 mail.dev.domain.com.
@ 1d IN A 192.168.1.50
localhost 1d IN A 127.0.0.1
server 1d IN A 192.168.1.50
www 1d IN A 192.168.1.50
mail 1d IN A 192.168.1.50
winxp 1d IN A 192.168.1.100

I ran named-checkzone and it parses fine, and I did check to make sure that /etc/named.conf was actually loading the file (not chrooted or something else causing the problem).

iptables -L is big; I don't know if it's worth pasting it all, but here's what I found that might be significant:

Code:

RESERVED all -- 192.168.0.0/16 anywhere
ADMIN all -- winxp.dev.domain.com anywhere (tried to set up the IP as admin as well)

Anyway, I have no idea where to go from here, any help would be greatly appreciated! Thanks in advance for the help!

-Andrew

ugge 10-24-2004 03:13 AM

Code:

Host 100.1.168.192.in-addr.arpa not found: 3(NXDOMAIN)
This appears because you don't have a PTR resource record in your reverse lookup zone.
Have a look at http://www.unix.org.ua/orelly/networ...ip/ch08_03.htm
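To make the answer concrete, here is an added example (my own code, not from the thread or from gShield or BIND) that takes the A records of the dev.domain.com zone posted above and builds the matching reverse zone, 1.168.192.in-addr.arpa, so that `host 192.168.1.100` gets a PTR answer; it also lists which client_hosts entries would still come back NXDOMAIN. The zone origin, SOA values and /24 network are assumptions taken from the thread's forward zone.

```python
import ipaddress
import re

# Constructed sample: the A records of the dev.domain.com zone posted above.
FORWARD_ZONE = """\
@ 1d IN A 192.168.1.50
localhost 1d IN A 127.0.0.1
server 1d IN A 192.168.1.50
www 1d IN A 192.168.1.50
mail 1d IN A 192.168.1.50
winxp 1d IN A 192.168.1.100
"""
A_RECORD = re.compile(r"^(\S+)\s+\S+\s+IN\s+A\s+(\d+(?:\.\d+){3})$")

def a_records(zone_text, origin):
    """Yield (fqdn, ip) for each A record; '@' stands for the zone origin."""
    for line in zone_text.splitlines():
        m = A_RECORD.match(line.strip())
        if m:
            name, ip = m.groups()
            yield (origin if name == "@" else f"{name}.{origin}"), ip

def reverse_zone(zone_text, origin, network):
    """Return (reverse origin, {last octet: fqdn}) for the A records inside a /24.
    One PTR per address: the first name seen wins, so 192.168.1.50 answers as
    the zone apex rather than as www, mail or server."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("only classful /24 reverse zones are built here")
    rev_origin = ".".join(str(net.network_address).split(".")[2::-1]) + ".in-addr.arpa"
    ptrs = {}
    for fqdn, ip in a_records(zone_text, origin):
        if ipaddress.ip_address(ip) in net:
            ptrs.setdefault(ip.split(".")[-1], fqdn)
    return rev_origin, ptrs

def render(ptrs, ns="localhost.dev.domain.com."):
    """Reverse zone file text in the same style as the forward zone above."""
    lines = ["$TTL 1d",
             f"@ 7d IN SOA {ns} admin.dev.domain.com. ( 2004102401 28800 14400 3600000 86400 )",
             f"@ 7d IN NS {ns}"]
    lines += [f"{o} 1d IN PTR {fqdn}" for o, fqdn in sorted(ptrs.items(), key=lambda kv: int(kv[0]))]
    return "\n".join(lines) + "\n"

def hosts_without_ptr(ptrs, network, hosts):
    """client_hosts entries inside the /24 that `host <ip>` would still report as NXDOMAIN."""
    net = ipaddress.ip_network(network)
    return [h for h in hosts if ipaddress.ip_address(h) in net and h.split(".")[-1] not in ptrs]
```

The rendered text goes in a file referenced from a `zone "1.168.192.in-addr.arpa" { type master; file "..."; };` stanza next to the forward zone in /etc/named.conf. Note that gShield only needs the lookup because it resolves names while loading rules; a rule written against the literal address 192.168.1.100 does not depend on DNS at all.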

emailssent 10-24-2004 05:27 AM

@ugge

Thanks, the link you gave above is helpful for me; I was looking for some sendmail docs. I will check it out. Do you have more links like that for different servers?


-jack
