[sclug] iptables
Tom Dawes-Gamble
tmdg at tmdg.co.uk
Sat Aug 7 12:42:58 UTC 2004
Okay you iptables gurus.
I'm having problems configuring iptables on my name server.
What I really want to do is as follows.
dns.tmdg.co.uk updates the two real name servers for the domain
ns1.dns.houxou.com and ns2.dns.houxou.com.
dns.tmdg.co.uk will answer requests from rg.tmdg.co.uk.
dns.tmdg.co.uk will answer requests from sn.tmdg.co.uk.
Now with iptables off everything is fine, but as soon as I turn on
iptables that's it, no access to the name server.
With iptables --list on I get :-
Chain MY-Input (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT udp -- dns.tmdg.co.uk anywhere udp spt:domain
ACCEPT udp -- ns1.dns.houxou.com anywhere udp spt:domain
ACCEPT udp -- ns2.dns.houxou.com anywhere udp spt:domain
ACCEPT udp -- rg.tmdg.co.uk anywhere udp spt:domain
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp
There is more but I chopped that out. :-)
To my untrained eye that says I accept any traffic on port 53.
So what is the magic to allow me to run the iptables firewall and allow
the nameserver to work?
Regards,
Tom.
--
main(int c,char **v){long x;while(--c){sscanf(*++v,"%li",&x);
printf("Decimal = %ld\nHex = 0x%lx\nOctal = 0%lo\n",x,x,x);}}
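Added example, not from Tom's post: a hypothetical MY-Input rule set that accepts DNS by destination port. The UDP ACCEPT rules in the chain quoted above all say spt:domain, so they only match packets coming from port 53 (replies from other servers); a client query arrives from an ephemeral source port with destination port 53 and falls through to the REJECT rules. The chain name and hostnames are from the post; which hosts are clients and which are peers, and the dry-run IPT variable, are assumptions.

```shell
#!/bin/sh
# Hypothetical rule set for a name server (added example, not from the post).
# Dry run by default: IPT="echo iptables" prints the commands instead of
# applying them; set IPT=iptables as root to load them for real.
# Caveat: iptables resolves hostnames when each rule is inserted, so if the
# firewall loads before named is answering, use literal IP addresses instead.
IPT="${IPT:-echo iptables}"

CLIENTS="rg.tmdg.co.uk sn.tmdg.co.uk"            # hosts the server answers (from the post)
PEERS="ns1.dns.houxou.com ns2.dns.houxou.com"    # servers it updates (from the post)

dns_rules() {
    # Replies to traffic this host originated (updates/NOTIFY to the peers,
    # outbound lookups) come back from port 53; connection tracking covers them,
    # so no "source port 53" rule is needed at all.
    $IPT -A MY-Input -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Queries from the two clients: any source port, destination port 53.
    for c in $CLIENTS; do
        $IPT -A MY-Input -p udp -s "$c" --dport 53 -j ACCEPT
        $IPT -A MY-Input -p tcp -s "$c" --dport 53 -j ACCEPT
    done

    # The peer servers may query back, and zone transfers run over TCP 53.
    for p in $PEERS; do
        $IPT -A MY-Input -p udp -s "$p" --dport 53 -j ACCEPT
        $IPT -A MY-Input -p tcp -s "$p" --dport 53 -j ACCEPT
    done

    # Everyone else is refused on port 53, as in the original chain.
    $IPT -A MY-Input -p udp --dport 53 -j REJECT --reject-with icmp-port-unreachable
    $IPT -A MY-Input -p tcp --dport 53 --syn -j REJECT --reject-with tcp-reset
}

dns_rules
```

Run it once with the default dry run and compare the printed rules with the spt:domain lines in the listing above; the only rules that should mention a source port are none.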