  1. #1

    IPTables question.

    Can anyone tell me why IPTables is blocking any queries sent to my DNS port (53)? It works fine when I turn off IPTables. Here is the config file:

    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    # firewall; such entries will *not* be listed here.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
    COMMIT
    Any insight would be appreciated.

    Thanks

  2. #2
    Join Date
    Mar 2004
    Posts
    66
    You seem to be on a Red Hat machine. This is in /etc/sysconfig/iptables.

    iptables-save >iptables.txt

    In iptables.txt, before any line that contains udp, insert

    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT

    and then iptables-restore < iptables.txt

    If this works, you can make the changes permanent: iptables-save >/etc/sysconfig/iptables
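
    Added example, not from the thread: a small POSIX sh/awk simulator that walks the lokkit ruleset first-match, the way iptables evaluates INPUT, and shows why udp/53 is rejected, why the ACCEPT from the post above has to sit in the RH-Lokkit-0-50-INPUT chain ahead of the udp REJECT line, and why appending it to INPUT after the jump changes nothing. The udp_verdict helper, the trimmed copy of the rules and the non-loopback interface are assumptions made for the example.

```shell
# Constructed subset of the lokkit ruleset from the question (rules copied, none invented).
ORIG_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
COMMIT'
# Fix from answer #2, placed in the lokkit chain ahead of the udp REJECT line.
FIXED_RULES=$(printf '%s\n' "$ORIG_RULES" | awk '/--dport 0:1023 -j REJECT/ {
    print "-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT" } { print }')
# Same rule appended to INPUT instead: it sits after the jump, so it is never reached.
LATE_RULES=$(printf '%s\n' "$ORIG_RULES" | awk '/^COMMIT$/ {
    print "-A INPUT -p udp -m udp --dport 53 -j ACCEPT" } { print }')
# udp_verdict PORT: first-match walk of INPUT for a UDP packet to PORT arriving on eth0,
# reading iptables-save text from stdin. Hypothetical helper: handles only -p, -i lo, --dport, -j.
udp_verdict() {
    awk -v port="$1" '
    /^:/   { sub(/^:/, ""); policy[$1] = $2; next }     # chain policy lines
    /^-A / { n++; chain[n] = $2; rule[n] = $0 }        # rules in file order
    END    { print walk("INPUT") }
    function matches(r,   w, nw, i, rg, nr, lo, hi) {
        nw = split(r, w, " ")
        for (i = 3; i <= nw; i++) {
            if (w[i] == "-p" && w[i+1] != "udp") return 0   # tcp rule, skip
            if (w[i] == "-i" && w[i+1] == "lo") return 0    # packet is not on loopback
            if (w[i] == "--dport") {
                nr = split(w[i+1], rg, ":")
                lo = rg[1] + 0; hi = (nr == 2 ? rg[2] : rg[1]) + 0
                if (port + 0 < lo || port + 0 > hi) return 0
            }
        }
        return 1
    }
    function walk(c,   i, w, nw, tgt, v) {
        for (i = 1; i <= n; i++) {
            if (chain[i] != c || !matches(rule[i])) continue
            nw = split(rule[i], w, " "); tgt = w[nw]          # token after -j
            if (tgt == "ACCEPT" || tgt == "REJECT" || tgt == "DROP") return tgt
            v = walk(tgt); if (v != "") return v              # verdict from user chain
        }
        return (c == "INPUT") ? policy[c] : ""                # fell off the end
    }'
}
for rs in ORIG_RULES FIXED_RULES LATE_RULES; do              # stand-alone demo
    eval "r=\$$rs"; printf '%-11s udp/53 -> %s\n' "$rs" "$(printf '%s\n' "$r" | udp_verdict 53)"
done
```

The same walk explains the question in post #4: only one ACCEPT is needed, and it must come before the first udp REJECT in that chain, not before every udp line.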

  3. #3
    Join Date
    Feb 2004
    Posts
    161
    nm

  4. #4
    Ok, thanks. One thing, when you say before any line that contains UDP, do you mean, just one instance of that line, or insert it before EVERY line with UDP in it?
