On Mon, 2003-09-01 at 11:57, Benjamin J. Weiss wrote:
> On 31 Aug 2003, Bret Hughes wrote:
> 
> > On Sun, 2003-08-31 at 14:56, Benjamin J. Weiss wrote:
> > > All,
> > > 
> > > I'm setting up a name server for work.  I've gone into the
> > > redhat-config-bind tool, and I think I have all of the zones configured
> > > correctly.  I was able to add the service with chkconfig, and I was able to
> > > start the named service with /etc/init.d/named start.  I allowed port 53,
> > > both tcp and udp through the firewall, with the following two iptables
> > > rules:
> > > 
> > > -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
> > > -A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -j ACCEPT
> > > 

I am thinking firewall issue.  Do your rules log anything not accepted?
If so, what is in /var/log/messages?

This allows (I think) new tcp connections to the machine and incoming
udp packets. 


Do your rules allow outgoing?  I am not familiar with the RH-Lokkit
setup and have gotten spoiled with shorewall. 
> 
> Okay:
> 
> [EMAIL PROTECTED] root]# netstat -tapn | grep named
> tcp        0      0 204.87.126.145:53       0.0.0.0:*               LISTEN      
> 21389/named
> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      
> 21389/named
> tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      
> 21389/named
> 

What about the udp side? Here is mine on a redhat 9 box that I am
currently setting up to be the primary server for a domain.
[EMAIL PROTECTED] root]# netstat -anp |grep 53
tcp        0      0 68.78.214.242:53        0.0.0.0:*               LISTEN      
6664/named          
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      
6664/named          
udp        0      0 68.78.214.242:53        0.0.0.0:*                           
6664/named        



> And I can still do a dig from the machine, but not from any external 
> machine.  I know the port is open (I've done an nmap from home).  I did a 
> netstat -tapn | grep httpd, and it shows that the ip address should be 
> 0.0.0.0 instead of the local ip address....
>

0.0.0.0 just means listen to all interfaces, I believe.  Named is
listening on the external interface port, as seen by the above.

HTH

Bret - who is always willing to help the osbi since he lives in Tulsa :)
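A script that checks the two things this thread turns on, whether the RH-Lokkit INPUT chain accepts inbound traffic to destination port 53 for both tcp and udp, and whether named is actually bound on udp port 53, is added here as an example; it is not part of the thread. The rule dump and netstat listing are constructed to mirror the ones quoted above, and the rules are assumed to be in iptables-save line format with the netstat process column on the same line.

```shell
#!/bin/sh
# Added example (not from the thread): audit an iptables rule dump and a
# netstat listing for what a DNS server needs to answer outside queries.

# Constructed rule dump mirroring the two rules quoted in the thread:
# the tcp rule keys on --dport 53, the udp rule on --sport 53.
SAMPLE_RULES='-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 53 -j ACCEPT'

# Constructed netstat -anp listing: named on tcp 53, no udp socket shown.
SAMPLE_NETSTAT='tcp  0 0 204.87.126.145:53  0.0.0.0:*  LISTEN  21389/named
tcp  0 0 127.0.0.1:953      0.0.0.0:*  LISTEN  21389/named'

# accepts_dport <proto> <rules>: prints "yes" if some INPUT-chain rule
# ACCEPTs <proto> packets addressed to destination port 53.
accepts_dport() {
    proto=$1; rules=$2
    if printf '%s\n' "$rules" |
       grep -E -- "-A [^ ]*INPUT .*-p $proto .*--dport 53 .*-j ACCEPT" >/dev/null
    then echo yes; else echo no; fi
}

# udp_sport_only <rules>: prints "yes" when udp is admitted only by source
# port 53, which matches replies to our own lookups, not incoming queries.
udp_sport_only() {
    rules=$1
    if printf '%s\n' "$rules" | grep -E -- '-p udp .*--sport 53 ' >/dev/null &&
       [ "$(accepts_dport udp "$rules")" = no ]
    then echo yes; else echo no; fi
}

# named_udp_bound <netstat>: prints "yes" if named holds a udp socket on :53.
named_udp_bound() {
    if printf '%s\n' "$1" | grep -E '^udp .*:53 .*/named' >/dev/null
    then echo yes; else echo no; fi
}

printf 'tcp dport 53 accepted:  %s\n' "$(accepts_dport tcp "$SAMPLE_RULES")"
printf 'udp dport 53 accepted:  %s\n' "$(accepts_dport udp "$SAMPLE_RULES")"
printf 'udp rule is sport-only: %s\n' "$(udp_sport_only "$SAMPLE_RULES")"
printf 'named bound on udp 53:  %s\n' "$(named_udp_bound "$SAMPLE_NETSTAT")"
```

Feed it the real output of `iptables-save` and `netstat -anp` in place of the constructed strings; a "no" on the udp rows points at the firewall or at named's listen configuration respectively.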



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list