Re: Allow DNS through iptable/lokkit

Fri, 21 Feb 2003 04:51:17 -0800 

Could still use some help here if anyone would be willing. I tried a few
rules I found searching google, but so far no luck. As soon as I enable
the firewall, I can't use my DNS server.

Thanks,
James

On Thu, 2003-02-20 at 09:59, James Pifer wrote:
> I'm trying to set up a firewall on one of my machines(also runs the DNS
> service) and having problems with getting DNS working. Everything else
> works ok. As soon as I turn it on, my clients can't use DNS anymore. The
> ruleset is below. Can anyone tell me how to fix it?
> 
> Thanks,
> James
> 
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> #       firewall; such entries will *not* be listed here.
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 10000:11000 -j ACCEPT
> --syn 
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0 --dport 5900:5902
> -j ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -p udp --dport 53 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 -j ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 123 -j ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp -s 192.168.1.0 --dport 139 -j
> ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 -j ACCEPT  --syn
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp -j REJECT  --syn 
> -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
> COMMIT
> # Generated by webmin
> *mangle
> :FORWARD ACCEPT [0:0]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed
> # Generated by webmin
> *nat
> :OUTPUT ACCEPT [0:0]
> :PREROUTING ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> COMMIT
> # Completed
> 
> 
> 
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list




-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to