Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
It seems that you messed up your firewall, as I can no longer query your DNS server. On the bright side, the glue record exists for it now.
Code:
[chort@horus4 chort]$ whois saraadhikari.com |grep 'Name Server:'
Name Server: NS1.SARAADHIKARI.COM
Name Server: NS2.SARAADHIKARI.COM
[chort@horus4 chort]$ dig +trace +short ns1.saraadhikari.com | egrep '^A'
A 221.243.63.180 from server A.GTLD-SERVERS.NET in 102 ms.
Now I have the web server as well as the DNS server running. But my web server is not secure, because I am stopping the firewall.
If I start iptables, my web server and DNS server do not work at all. So how can I set these things up in iptables? What components do I need to set in iptables?
I am going through the manual provided by Red Hat but I could not catch them. Waiting for your help.
Code:
-A RH-Firewall-1-INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
By the way, you don't seem to have A records for your DNS servers in your own zone file. Just because the GTLD servers provide glue doesn't mean you can omit them. You need to add those to /var/named/saraadhikari.com.db.
The following is the content of my saraadhikari.com.db.
Where do I need to add the "A" records?
$TTL 14400
@ IN SOA ns1.saraadhikari.com. root.saraadhikari.com. (
2008090800
14400
3600
1209600
86400 )
saraadhikari.com. 14400 IN NS ns1.saraadhikari.com.
saraadhikari.com. 14400 IN NS ns2.saraadhikari.com.
ftp 14400 IN A 221.243.63.179
localhost 14400 IN A 127.0.0.1
mail 14400 IN A 221.243.63.179
pop 14400 IN A 221.243.63.179
saraadhikari.com. 14400 IN A 221.243.63.179
smtp 14400 IN A 221.243.63.179
www 14400 IN A 221.243.63.179
saraadhikari.com. 14400 IN MX 10 mail
saraadhikari.com. 14400 IN TXT "v=spf1 a mx ip4:221.243.63.179 ?all"
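The check chort describes (NS targets that have no A record inside the zone itself), as an added example in shell that is not part of the thread: it lints a constructed copy of the zone posted above, appends the missing records, and bumps the SOA serial so secondaries pick up the change. The address for ns1 is the registry glue shown earlier in the thread (221.243.63.180); the ns2 address is a placeholder assumption, and the record layout assumed is the "owner TTL IN TYPE rdata" form used in the posted file.

```shell
#!/bin/sh
# Added example: find NS targets without an in-zone A record, add them, bump the serial.
# The zone below is a constructed copy of the one posted in the thread, not the live file.
set -eu

ORIGIN=saraadhikari.com
ZONE=$(mktemp)
cat > "$ZONE" <<'EOF'
$TTL 14400
@ IN SOA ns1.saraadhikari.com. root.saraadhikari.com. (
2008090800
14400
3600
1209600
86400 )
saraadhikari.com. 14400 IN NS ns1.saraadhikari.com.
saraadhikari.com. 14400 IN NS ns2.saraadhikari.com.
ftp 14400 IN A 221.243.63.179
localhost 14400 IN A 127.0.0.1
mail 14400 IN A 221.243.63.179
pop 14400 IN A 221.243.63.179
saraadhikari.com. 14400 IN A 221.243.63.179
smtp 14400 IN A 221.243.63.179
www 14400 IN A 221.243.63.179
saraadhikari.com. 14400 IN MX 10 mail
saraadhikari.com. 14400 IN TXT "v=spf1 a mx ip4:221.243.63.179 ?all"
EOF

# Print every NS target (as an absolute name) that has no A record in the zone.
# Assumes the "owner TTL IN TYPE rdata" layout of the posted file.
ns_without_a() {  # $1 = zone file, $2 = origin without trailing dot
  awk -v origin="$2" '
    function absolute(n) {
      if (n == "@") return origin "."
      if (n !~ /\.$/) return n "." origin "."
      return n
    }
    $3 == "IN" && $4 == "NS" { ns[absolute($5)] = 1 }
    $3 == "IN" && $4 == "A"  { a[absolute($1)] = 1 }
    END { for (n in ns) if (!(n in a)) print n }
  ' "$1" | LC_ALL=C sort
}

# Append a relative A record using the TTL convention the zone already uses.
add_a_record() {  # $1 = zone file, $2 = relative owner name, $3 = IPv4 address
  printf '%s 14400 IN A %s\n' "$2" "$3" >> "$1"
}

# The SOA serial is the first line consisting only of digits in this layout.
serial_of() { awk '/^[[:space:]]*[0-9]+[[:space:]]*$/ { print $1; exit }' "$1"; }

# Increment that serial in place; without this, secondaries never transfer the new records.
bump_serial() {
  awk '!done && /^[[:space:]]*[0-9]+[[:space:]]*$/ { sub(/[0-9]+/, $1 + 1); done = 1 } { print }' \
    "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

echo "NS targets without an A record in $ZONE:"
ns_without_a "$ZONE" "$ORIGIN"

# Repair a copy. ns1 matches the registry glue from the thread; ns2 is a placeholder.
FIXED=$(mktemp)
cp "$ZONE" "$FIXED"
add_a_record "$FIXED" ns1 221.243.63.180
add_a_record "$FIXED" ns2 221.243.63.181   # assumption: replace with the real ns2 address
bump_serial "$FIXED"
echo "After the fix, still missing: '$(ns_without_a "$FIXED" "$ORIGIN")' (serial now $(serial_of "$FIXED"))"
```

Before reloading the zone, run `named-checkzone saraadhikari.com /var/named/saraadhikari.com.db` on the real file; after `rndc reload`, `dig @221.243.63.180 ns1.saraadhikari.com A` should answer from the zone itself rather than relying on the registry glue.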
Now I am properly running my web server as well. Thanks for the contributions of chort and billymayday. Now I am studying the iptables stuff. I will catch up with you people soon.
Hi chort, now I am successfully running my server by following your instructions. I have pasted here the content of /etc/sysconfig/iptables.
Could you please suggest how I can secure my server from outsiders?
I need to run my web server (Apache and Tomcat), a DNS master server, a mail server, an FTP server, etc.
What services do I need to run and what services do I need to stop?
------------------
[root@web08 /]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Thu Sep 11 16:48:27 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7909:541375]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Thu Sep 11 16:48:27 2008
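The ruleset above accepts far more than the web, DNS, mail and FTP services the post lists: telnet (23), NFS (2049), SMB (137-139, 445), CUPS (631) and mDNS (5353) are all open, and ports 80 and 21 are accepted in INPUT before any state check. As an added example, not from the thread or from Red Hat, the script below lists what an iptables-save file admits, flags anything outside an allow list, and shows a tighter ruleset for the same services. The hardened file is this example's proposal and assumes that Tomcat is reached only through Apache, that the FTP conntrack helper (ip_conntrack_ftp on CentOS 4/5) is loaded so data channels match RELATED, and that SSH will be narrowed with -s to an administrative source address once one is known.

```shell
#!/bin/sh
# Added example: audit the inbound ports an iptables-save file accepts against the
# services actually needed, and compare with a tighter ruleset. POSTED is a
# constructed copy of the rules quoted in the thread; HARDENED is this example's
# proposal, not something taken from the thread or from Red Hat.
set -eu

POSTED=$(mktemp)
cat > "$POSTED" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7909:541375]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

HARDENED=$(mktemp)
cat > "$HARDENED" <<'EOF'
# Example proposal. Assumes Tomcat sits behind Apache, the FTP conntrack helper is
# loaded, and SSH gets narrowed with -s to an admin address. Default policy is DROP,
# state checks come first, and only the services the post lists are opened.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state INVALID -j DROP
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Print proto/port for every ACCEPT rule with a --dport in INPUT or the chain it
# jumps to, sorted and deduplicated (LC_ALL=C keeps the order predictable).
inbound_ports() {  # $1 = iptables-save file
  awk '/^-A (INPUT|RH-Firewall-1-INPUT) / && /-j ACCEPT/ && /--dport/ {
    p = d = ""
    for (i = 1; i <= NF; i++) { if ($i == "-p") p = $(i+1); if ($i == "--dport") d = $(i+1) }
    print p "/" d
  }' "$1" | LC_ALL=C sort -u
}

# Print accepted ports that are not in the space-separated allow list in $2.
unexpected_ports() {  # $1 = iptables-save file, $2 = "proto/port ..." allow list
  for port in $(inbound_ports "$1"); do
    case " $2 " in *" $port "*) ;; *) echo "$port" ;; esac
  done
}

# What the post says it needs: web, DNS, mail, FTP, plus SSH for administration.
WANTED="tcp/21 tcp/22 tcp/25 tcp/53 udp/53 tcp/80 tcp/443"
echo "Posted rules also accept:"; unexpected_ports "$POSTED" "$WANTED"
echo "Hardened rules accept beyond the list: '$(unexpected_ports "$HARDENED" "$WANTED")'"
```

`unexpected_ports /etc/sysconfig/iptables "$WANTED"` runs the same audit against the live file. Load a replacement with `iptables-restore < file` only from a console or out-of-band session, since a typo in it drops your SSH connection, and persist it afterwards with `service iptables save` on CentOS.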