iptables ruleset for nameserver

DaveL · 01-06-2003, 12:24 AM

i've a ruleset for my nameserver. some of the packets are dropped going out. can anyone help me to intepret why these packets are dropped. is ther e something wrong with the ruleset.

localhost kernel: OUTPUT IN= OUT=ppp0 SRC=AAA.BBB.CCC.DDD DST=aaa.bbb.ccc.ddd LEN=168 TOS=0x00 PREC=0xC0 TTL=64 ID=25909 PROTO=ICMP TYPE=3 CODE=3 [SRC=aaa.bbb.ccc.ddd DST=AAA.BBB.CCC.DDD LEN=140 TOS=0x00 PREC=0x00 TTL=55 ID=34974 PROTO=UDP SPT=53 DPT=1036 LEN=120 ]
localhost kernel: OUTPUT IN= OUT=ppp0 SRC=AAA.BBB.CCC.DDD DST=aaa.bbb.ccc.ddd LEN=200 TOS=0x00 PREC=0xC0 TTL=64 ID=17833 PROTO=ICMP TYPE=3 CODE=3 [SRC=aaa.bbb.ccc.ddd DST=AAA.BBB.CCC.DDD LEN=172 TOS=0x00 PREC=0x00 TTL=246 ID=47063 DF PROTO=UDP SPT=53 DPT=1035 LEN=152 ]
localhost kernel: OUTPUT IN= OUT=ppp0 SRC=AAA.BBB.CCC.DDD DST=aaa.bbb.ccc.ddd LEN=184 TOS=0x00 PREC=0xC0 TTL=64 ID=25910 PROTO=ICMP TYPE=3 CODE=3 [SRC=aaa.bbb.ccc.ddd DST=AAA.BBB.CCC.DDD LEN=156 TOS=0x00 PREC=0x00 TTL=55 ID=46179 PROTO=UDP SPT=53 DPT=1037 LEN=136 ]
localhost kernel: OUTPUT IN= OUT=ppp0 SRC=AAA.BBB.CCC.DDD DST=aaa.bbb.ccc.ddd LEN=232 TOS=0x00 PREC=0xC0 TTL=64 ID=17834 PROTO=ICMP TYPE=3 CODE=3 [SRC=aaa.bbb.ccc.ddd DST=AAA.BBB.CCC.DDD LEN=204 TOS=0x00 PREC=0x00 TTL=246 ID=47065 DF PROTO=UDP SPT=53 DPT=1036 LEN=184 ]
localhost kernel: OUTPUT IN= OUT=ppp0 SRC=AAA.BBB.CCC.DDD DST=aaa.bbb.ccc.ddd LEN=561 TOS=0x00 PREC=0xC0 TTL=64 ID=25911 PROTO=ICMP TYPE=3 CODE=3 [SRC=aaa.bbb.ccc.ddd DST=AAA.BBB.CCC.DDD LEN=533 TOS=0x00 PREC=0x00 TTL=55 ID=54026 PROTO=UDP SPT=53 DPT=1038 LEN=513 ]
localhost kernel: OUTPUT IN= OUT=ppp0 SRC=AAA.BBB.CCC.DDD DST=aaa.bbb.ccc.ddd LEN=561 TOS=0x00 PREC=0xC0 TTL=64 ID=17835 PROTO=ICMP TYPE=3 CODE=3 [SRC=aaa.bbb.ccc.ddd DST=AAA.BBB.CCC.DDD LEN=533 TOS=0x00 PREC=0x00 TTL=246 ID=47067 DF PROTO=UDP SPT=53 DPT=1037 LEN=513 ]

my ip address=AAA.BBB.CCC.DDD
name server=aaa.bbb.ccc.ddd

thanks in advance for any help

niknah · 01-06-2003, 10:47 AM

you'd have to post your ruleset, it's something wrong with the OUTPUT chain obviously.

DaveL · 01-06-2003, 09:24 PM

thanks for the attention. the following are the rulesets:

-A OUTPUT -d 192.x.x.x -o ppp0 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.y.y.y -o ppp0 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

i've no problems with the firewall, just that the logs showed dropped icmp packets to my nameservers and i want to know why that happened. thanks

niknah · 01-06-2003, 09:54 PM

your ip addresses from the first message are different from the ones in the 2nd message, and which computer is the firewall on, the name server or somewhere else? and where'd those logs from the first message come from, name server or your computer?

DaveL · 01-07-2003, 12:11 AM

sorry i've not been clear with my info. i'm using a standalone comp and the logs was from the comp. the nameserver from the first post was from my isp dns 192.x.x.x hope this helps. thanks