Jason,
Thank you very much for your help. I appreciate the time you have taken to
help me out with my domain problem. I will most definitely check out the
BoingWorld tutorial.
I understand what you are saying about UDP being a connectionless protocol.
That being the case, my rule a
At 987720434s since epoch (04/19/01 17:47:14 -0400 UTC), Janet Post wrote:
> iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> This allows ALL connections that have been established or are related
> though. In your description, you describe something much more strict.
> Is
Jason,
I used Phil's rule:
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
This allows ALL connections that have been established or are related though.
In your description, you describe something much more strict. Is it possible
to exploit that, or should I close it off m
At 987717599s since epoch (04/19/01 16:59:59 -0400 UTC), Janet Post wrote:
>
> So you're running a DNS server?
>
> No. I'm just trying to get name resolution working.
> I'm still not clear on this then... What ports do I open to allow my server
> and the computers behind it to resolve IP numbers?
>>> "Noah L. Meyerhans" <[EMAIL PROTECTED]> 04/19 4:41 PM >>>
On Thu, Apr 19, 2001 at 03:36:37PM -0500, Phil Brutsche wrote:
> > > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
> >
> > Huh? That is completely untrue. If that was the case then any program
> > that wished to look up host
So you're running a DNS server?
No. I'm just trying to get name resolution working.
iptables is just trying to resolve the ip numbers in your rules.
"iptables -L -n" will change that.
Yes. I -finally- figured this out, thanks to Phil and Noah. Noah was correct
that iptables hanging was just
On Thu, Apr 19, 2001 at 03:36:37PM -0500, Phil Brutsche wrote:
> > > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
> >
> > Huh? That is completely untrue. If that was the case then any program
> > that wished to look up hosts in the DNS would need to be run as root
> > (ordinary users do
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
A long time ago, in a galaxy far, far away, someone said...
> > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
>
> Huh? That is completely untrue. If that was the case then any program
> that wished to look up hosts in the DNS would need to b
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
A long time ago, in a galaxy far, far away, someone said...
> I am trying to set up a firewall on my server and am having trouble
> with one of my iptables rules.
>
> I can set up all the rules that I like, but I can't seem to get this
> one to work:
>
On Thu, Apr 19, 2001 at 03:59:14PM -0400, Jason Healy wrote:
> Or, if you don't feel like opening all 64,000+ of those ports, try a rule
> like:
>
> iptables -A INPUT -p UDP --source-port domain -j ACCEPT
>
>
> Since DNS requests will appear to come from port 53 (domain), this rule lets
> all su
At 987713387s since epoch (04/19/01 15:49:47 -0400 UTC), Noah L. Meyerhans wrote:
> If you run 'netstat -ulp' (as root, of course) you'll find that bind is
> listening on some high port. If you allow UDP on ports > 1024 you should
> be all set.
Or, if you don't feel like opening all 64,000+ of
On Thu, Apr 19, 2001 at 03:17:24PM -0400, Janet Post wrote:
> I have no trouble if I set the policy of the chain in question to
> ACCEPT.
The problem is that DNS requests don't usually happen on port 53. You
are seeing hangs because iptables is trying to resolve the hostnames
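The thread contrasts two ways of letting DNS answers back in: Jason's `--source-port domain` rule and Phil's `-m state --state ESTABLISHED,RELATED` rule. The following is an added example, not code from any of the posters: a small Python model (not iptables itself) of how each rule decides on constructed UDP packets. The stateful model records the 5-tuple of each outbound packet and treats an inbound packet as ESTABLISHED only when its reversed 5-tuple matches, which is how the kernel's connection tracking handles UDP in outline (entry timeouts are omitted). The addresses, ports and the `Packet`, `SourcePortFirewall` and `StatefulFirewall` names are assumptions made for the illustration.

```python
"""Toy model of the two INPUT-chain approaches from the thread.

Constructed example. It is not iptables: it mimics how connection tracking
marks a UDP reply ESTABLISHED (reversed 5-tuple of an earlier outbound
packet) and compares that with accepting any UDP packet whose source
port is 53. Both models assume an INPUT policy of DROP and an OUTPUT
policy of ACCEPT.
"""
from dataclasses import dataclass

DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving this host, "in" = arriving at it
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def five_tuple(self):
        return (self.proto, self.src_ip, self.src_port, self.dst_ip, self.dst_port)

    def reversed_tuple(self):
        # What the reply to this packet would look like from the other side.
        return (self.proto, self.dst_ip, self.dst_port, self.src_ip, self.src_port)


class SourcePortFirewall:
    """Models: iptables -A INPUT -p UDP --source-port domain -j ACCEPT"""

    def decide(self, pkt):
        if pkt.direction == "out":
            return "ACCEPT"
        if pkt.proto == "udp" and pkt.src_port == DNS_PORT:
            return "ACCEPT"  # anything from port 53 gets in, solicited or not
        return "DROP"


class StatefulFirewall:
    """Models: iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT"""

    def __init__(self):
        self.conntrack = set()  # 5-tuples of traffic this host initiated

    def decide(self, pkt):
        if pkt.direction == "out":
            self.conntrack.add(pkt.five_tuple())
            return "ACCEPT"
        if pkt.reversed_tuple() in self.conntrack:
            return "ACCEPT"  # a reply to something we sent: ESTABLISHED
        return "DROP"


def run_scenario(fw):
    """Constructed traffic (RFC 5737 documentation addresses): a resolver
    query from an ephemeral port, its reply, an unsolicited packet from
    port 53 aimed at another UDP service, and a 'reply' to a port we never
    queried from."""
    me, resolver, other = "192.0.2.10", "192.0.2.53", "198.51.100.7"
    query = Packet("out", "udp", me, 33001, resolver, DNS_PORT)
    reply = Packet("in", "udp", resolver, DNS_PORT, me, 33001)
    unsolicited = Packet("in", "udp", other, DNS_PORT, me, 161)
    stray_reply = Packet("in", "udp", resolver, DNS_PORT, me, 33002)
    return {
        "query": fw.decide(query),
        "reply": fw.decide(reply),
        "unsolicited_from_53": fw.decide(unsolicited),
        "reply_to_unqueried_port": fw.decide(stray_reply),
    }


if __name__ == "__main__":
    for name, fw in (("source-port rule", SourcePortFirewall()),
                     ("stateful rule", StatefulFirewall())):
        print(name, run_scenario(fw))
```

Both models let the real DNS answer through, which is why the source-port rule appears to work. The difference shows up on the other two packets: the source-port rule accepts any UDP datagram that merely claims port 53 as its source, whatever service it is aimed at, while the stateful rule only admits traffic that matches something this host actually sent.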