Hello to all,
I have a small problem.
I would like to reassure two DNS machines (a primary and a secondary) with iptables
By default I block everything, but even with rules for the port 53, it blocks the queries needing to resolve via the primary, and the secondary does not manage to transfer the zones of the primary …
DNS are on public ip, but to simplify, we are going to say that:
The primary DNS is: 192.168.0.10
The secondary DNS is: 192.168.0.20
Here are iptables rules(sliders) which I have at present:
Quote:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i lo --source 127.0.0.1 --destination 127.0.0.1 -j ACCEPT
|
Thus with these rules, I have quite a lot of problems (resolutions, transfersof zones)
I found these rules on a forum, that seems to be interesting but as I do not know there not iptable, I ignore if it is what I miss or not.
For information here is all the same what I found (not tested):
Quote:
#iptables -A INPUT -p tcp -s 192.168.0.20/255.255.255.255 --sport 1024:65535 -d 192.168.0.10 -dport 53 -m state state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p tcp -s 192.168.0.10/255.255.255.255 --sport 53:65535 -d 192.168.0.20 -dport 1024:65535 -m state state ESTABLISHED -j ACCEPT
|
If somebody can help me
Thank you
PS: server are under Linux Mandrake
Threepwood
problems between DNS & iptable
