Baho Utot *nix forums Guru Wannabe
Joined: 15 Mar 2005
Posts: 123
Posted: Tue Feb 08, 2005 11:36 pm Post subject: iptables DNS port
I have the following rules for DNS (bind 9 running as a caching server). Are the following correct?
Comments please.
#
# DNS Name Server TCP 53/UDP 53
#
$IPTABLES -A OUTPUT -o $INTERNET -p udp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
$IPTABLES -A OUTPUT -o $INTERNET -p tcp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
if [ "$DNS_CACHE" = "1" ]; then
# DNS CACHE LAN clients to private server (53)
$IPTABLES -A INPUT -i $LAN -p udp \
--sport $UNPRIVPORTS \
-d $LAN_ADDR --dport 53 \
-m state --state NEW -j ACCEPT
$IPTABLES -A INPUT -i $LAN -p tcp \
--sport $UNPRIVPORTS \
-d $LAN_ADDR --dport 53 \
-m state --state NEW -j ACCEPT
else
$IPTABLES -A FORWARD -o $INTERNET -p udp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -o $INTERNET -p tcp \
--sport $UNPRIVPORTS \
-d $NAMESERVER --dport 53 \
-m state --state NEW -j ACCEPT
fi
Also, will the following rule log all port 53 packets (from the internet interface)?
$IPTABLES -A INPUT -i $INTERNET -p tcp -d $INTERNET_IPADDR --dport 53 -j LOG
Baho Utot *nix forums Guru Wannabe
Joined: 15 Mar 2005
Posts: 123
Posted: Sat Feb 12, 2005 5:00 pm Post subject: Re: iptables DNS port
On Mon, 14 Feb 2005 12:07:30 -0500, Robert wrote:
Quote:
On Wed, 09 Feb 2005 00:36:16 +0000, Baho Utot wrote:
I have the following rules for DNS (bind 9 running as a caching server). Are the following correct?
Comments please.
I would do something like this:
# IPTABLES New Chain DNS
# ----------------------
$IPTABLES -N LOG_DNS
$IPTABLES -A LOG_DNS -j LOG --log-tcp-options --log-ip-options --log-prefix "[DNS] : "
$IPTABLES -A LOG_DNS -j ACCEPT
if [ "$DNS_CACHE" = "1" ]; then
# DNS CACHE LAN clients to private server (53)
$IPTABLES -A INPUT -i $LAN -p udp -d $LAN_ADDR --dport 53 -m state --state NEW -j LOG_DNS
$IPTABLES -A INPUT -i $LAN -p tcp -d $LAN_ADDR --dport 53 -m state --state NEW -j LOG_DNS
else
$IPTABLES -A FORWARD -o $INTERNET -p udp -d $NAMESERVER --dport 53 -m state --state NEW -j LOG_DNS
$IPTABLES -A FORWARD -o $INTERNET -p tcp -d $NAMESERVER --dport 53 -m state --state NEW -j LOG_DNS
fi
The top part creates a new chain that the bottom part jumps to in order to log all
NEW DNS connections.
Thank you, I'll try that and see if it will help.
Copyright © 2004-2005 DeniX Solutions SRL