LinuxQuestions.org
10-24-2004, 02:08 AM   #1
majiclab (LQ Newbie; Registered: Oct 2004; Distribution: CentOS 3.3)
Problems with iptables and DNS/named Zone settings


Hello,

I wouldn't consider myself a Linux noob (done lots of LAMP setups, especially compiling packages for the LAMP servers); however, I am definitely new to Linux networking setups.

I have a dev linux server (CentOS 3.3, iptables 1.2.8, bind 9.2.4rc6, static IP 192.168.1.50) and a workstation (Windows XP, DHCP, 192.168.1.100) behind a Linksys router.

I am trying to secure my server fairly well (found some suspicious SSH entries in logs) to deny certain ports like 22, but allow them unconditionally for my workstation (.100) and certain external IPs (production servers in data centres).

After a bit of hacking I believe I have found the problem, but am stumped on a solution. I am using gShield 2.8 to configure iptables. It has successfully blocked IP 1.2.3.4 from SSH (and I assume all others) and has allowed IP 1.2.3.5, as configured with ./conf/client_hosts in gShield.

However, I also have 192.168.1.100 in ./conf/client_hosts, and my hacking found out that the likely cause of the problem is that in ./gShield.rc, certain commands are sent as `host $ip_address`, and returning invalid results. This may not be the cause, but here's hoping.

Running host 192.168.1.100 returns:

Host 100.1.168.192.in-addr.arpa not found: 3(NXDOMAIN)

Here is the significant portion of my /etc/named.conf:

zone "dev.domain.com" {
    type master;
    file "dev.domain.com.zone";
    allow-transfer {
        192.168.1.50;
        192.168.1.1;
        192.168.1.100;
    };
};


and the subsequent dev.domain.com.zone file:

$TTL 1d

@           7d  IN  SOA  localhost.dev.domain.com. admin.dev.domain.com. (
                         2004102401  ; serial
                         28800       ; refresh
                         14400       ; retry
                         3600000     ; expiry
                         86400 )     ; minimum

@           7d  IN  NS   localhost.dev.domain.com.
@           1d  IN  MX   10 mail.dev.domain.com.
@           1d  IN  A    192.168.1.50
localhost   1d  IN  A    127.0.0.1
server      1d  IN  A    192.168.1.50
www         1d  IN  A    192.168.1.50
mail        1d  IN  A    192.168.1.50
winxp       1d  IN  A    192.168.1.100

I did a named-checkzone and it parses fine, and I did check to make sure that /etc/named.conf was actually loading the file (not chrooted or something else causing the problem).

iptables -L output is big, I don't know if it's worth pasting it all, but here's what I found that might be significant:

RESERVED  all  --  192.168.0.0/16        anywhere
ADMIN     all  --  winxp.dev.domain.com  anywhere    (tried to set up the IP as admin as well)

Anyway, I have no idea where to go from here, any help would be greatly appreciated! Thanks in advance for the help!

-Andrew
10-24-2004, 03:13 AM   #2
ugge (Senior Member; Registered: Dec 2000; Location: Gothenburg, SWEDEN; Distribution: OpenSUSE 10.3)
Code:
Host 100.1.168.192.in-addr.arpa not found: 3(NXDOMAIN)

appears because you don't have a PTR resource record in your reverse lookup zone.
Have a look at http://www.unix.org.ua/orelly/networ...ip/ch08_03.htm
 
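The fix ugge describes, worked through as an added example (this is not code from the thread, from gShield or from BIND): starting from the forward zone posted above, the script derives the name that `host 192.168.1.100` actually queries (100.1.168.192.in-addr.arpa), the reverse zone that has to hold it (1.168.192.in-addr.arpa for 192.168.1.0/24), one PTR record for each address in that network, and a named.conf stanza for the new zone in the same shape as the one in the post. The reverse zone's file name, its serial, the "first non-apex name wins" rule for 192.168.1.50 (which has four A records) and the SOA timers are assumptions. One caveat for the firewall side: a rule built from a name that gShield resolves with `host` only exists if that lookup succeeds at the moment the rules are loaded, so `iptables -L -n` (no reverse lookups) is the reliable way to see which addresses the ADMIN chain really matches.

```python
"""Build a reverse (in-addr.arpa) zone with PTR records from a forward zone.

Added example for the LQ thread, not the poster's or BIND's own code.
Assumptions: the forward zone below is a copy of the one in the post,
the reverse zone is a plain /24, and the serial/timers are placeholders.
"""
import ipaddress
import re

# Constructed copy of the forward zone posted in the thread.
FORWARD_ZONE = """\
$TTL 1d
@ 7d IN SOA localhost.dev.domain.com. admin.dev.domain.com. (
    2004102401 ; serial
    28800      ; refresh
    14400      ; retry
    3600000    ; expiry
    86400 )    ; minimum
@ 7d IN NS localhost.dev.domain.com.
@ 1d IN MX 10 mail.dev.domain.com.
@ 1d IN A 192.168.1.50
localhost 1d IN A 127.0.0.1
server 1d IN A 192.168.1.50
www 1d IN A 192.168.1.50
mail 1d IN A 192.168.1.50
winxp 1d IN A 192.168.1.100
"""

# owner [ttl] IN A a.b.c.d   (comments are stripped before matching)
A_RECORD = re.compile(r"^(\S+)\s+(?:\d+[smhdw]?\s+)?IN\s+A\s+(\d+(?:\.\d+){3})$", re.I)


def reverse_name(ip):
    """Name `host <ip>` looks up: 192.168.1.100 -> 100.1.168.192.in-addr.arpa"""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone_name(network):
    """Zone that must hold the PTRs of a /24: 192.168.1.0/24 -> 1.168.192.in-addr.arpa"""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("only IPv4 /24 reverse zones are handled here")
    octets = str(net.network_address).split(".")
    return ".".join(reversed(octets[:3])) + ".in-addr.arpa"


def parse_a_records(zone_text, origin):
    """Return [(fqdn, ip), ...] for every A record in a forward zone file."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        m = A_RECORD.match(line)
        if not m:
            continue
        owner, ip = m.group(1), m.group(2)
        if owner == "@":
            fqdn = origin + "."
        elif owner.endswith("."):
            fqdn = owner                          # already fully qualified
        else:
            fqdn = "%s.%s." % (owner, origin)
        records.append((fqdn, ip))
    return records


def build_reverse_zone(records, network, ns, admin, serial, origin):
    """Render a reverse zone with one PTR per address inside `network`.

    An address with several A records (192.168.1.50 here) gets the first
    non-apex name; addresses outside the network (127.0.0.1) are skipped.
    """
    net = ipaddress.ip_network(network)
    names_by_octet = {}
    for fqdn, ip in records:
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            continue
        last_octet = int(str(addr).split(".")[-1])
        names_by_octet.setdefault(last_octet, []).append(fqdn)
    lines = [
        "$TTL 1d",
        "@ 1d IN SOA %s %s (" % (ns, admin),
        "        %d ; serial" % serial,
        "        28800 ; refresh",
        "        14400 ; retry",
        "        3600000 ; expiry",
        "        86400 ) ; minimum",
        "@ 1d IN NS %s" % ns,
    ]
    apex = origin + "."
    for last_octet in sorted(names_by_octet):
        names = names_by_octet[last_octet]
        chosen = next((n for n in names if n != apex), names[0])
        lines.append("%d 1d IN PTR %s" % (last_octet, chosen))
    return "\n".join(lines) + "\n"


def named_conf_stanza(zone, filename, allow_transfer):
    """named.conf zone block shaped like the dev.domain.com one in the post."""
    body = "".join("        %s;\n" % ip for ip in allow_transfer)
    return ('zone "%s" {\n    type master;\n    file "%s";\n'
            '    allow-transfer {\n%s    };\n};\n' % (zone, filename, body))


if __name__ == "__main__":
    origin = "dev.domain.com"
    zone = reverse_zone_name("192.168.1.0/24")
    recs = parse_a_records(FORWARD_ZONE, origin)
    print(named_conf_stanza(zone, zone + ".zone",
                            ["192.168.1.50", "192.168.1.1", "192.168.1.100"]))
    print(build_reverse_zone(recs, "192.168.1.0/24", "localhost.dev.domain.com.",
                             "admin.dev.domain.com.", 2004102401, origin))
    print("host would query:", reverse_name("192.168.1.100"))
```

Check the generated file with `named-checkzone 1.168.192.in-addr.arpa <file>` before adding the stanza to named.conf; after a reload, `host 192.168.1.100 192.168.1.50` should answer winxp.dev.domain.com instead of NXDOMAIN.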
10-24-2004, 05:27 AM   #3
emailssent (Member; Registered: Sep 2004)
@ugge

Thanks, the link you gave above is helpful for me; I was looking for some sendmail docs. I will check it out. Do you have more links like that for different servers?


-jack