    IPTables question.

    Can anyone tell me why IPTables is blocking and queries sent to my dns port (53)? IT works fine when i turn off IPTables. Here is the config file

    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    # firewall; such entries will *not* be listed here.
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT

    Any insight would be appreciated.


    you seem to be on a redhat machine. this is in /etc/sysconfig/iptables.

    iptables-save >iptables.txt

    in iptables.txt before any line that contains udp


    iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT

    and then iptables-restore < iptables.txt

    If this wrks, you can make changes permanent : iptables-save >/etc/sysconfig/iptables

  4. #4
    Ok, thanks. One thing, when you say before any line that contains UDP, do you mean, just one instance of that line, or insert it before EVERY line with UDP in it?

