Jason,
Thank you very much for your help. I appreciate the time you have taken to
help me out with my domain problem. I will most definitely check out the
BoingWorld tutorial.
I understand what you are saying about UDP being a connectionless protocol.
That being the case, my rule a
At 987720434s since epoch (04/19/01 17:47:14 -0400 UTC), Janet Post wrote:
> iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> This allows ALL connections that have been established or are related
> though. In your description, you describe something much more strict.
> Is
Jason,
I used Phil's rule:
iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
This allows ALL connections that have been established or are related though.
In your description, you describe something much more strict. Is it possible
to exploit that, or should I close it off m
At 987717599s since epoch (04/19/01 16:59:59 -0400 UTC), Janet Post wrote:
>
> So you're running a DNS server?
>
> No. I'm just trying to get name resolution working.
> I'm still not clear on this then...What ports do I open to allow my server
> and the computers behind it resolve ip numbers?
>>> "Noah L. Meyerhans" <[EMAIL PROTECTED]> 04/19 4:41 PM >>>
On Thu, Apr 19, 2001 at 03:36:37PM -0500, Phil Brutsche wrote:
> > > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
> >
> > Huh? That is completely untrue. If that was the case then any program
> > that wished to lookup host
So you're running a DNS server?
No. I'm just trying to get name resolution working.
iptables is just trying to resolve the ip numbers in your rules.
"iptables -L -n" will change that.
Yes. I -finally- figured this out, thanks to Phil and Noah. Noah was correct
that iptables hanging was just
On Thu, Apr 19, 2001 at 03:36:37PM -0500, Phil Brutsche wrote:
> > > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
> >
> > Huh? That is completely untrue. If that was the case then any program
> > that wished to lookup hosts in the DNS would need to be run as root
> > (ordinary users do
A long time ago, in a galaxy far, far away, someone said...
> > iptables -A INPUT -p UDP --source-port domain -j ACCEPT
>
> Huh? That is completely untrue. If that was the case then any program
> that wished to lookup hosts in the DNS would need to b
A long time ago, in a galaxy far, far away, someone said...
> I am trying to set up a firewall on my server and am having trouble
> with one of my iptables rules.
>
> I can set up all the rules that I like, but I can't seem to get this
> one to work:
>
On Thu, Apr 19, 2001 at 03:59:14PM -0400, Jason Healy wrote:
> Or, if you don't feel like opening all 64,000+ of those ports, try a rule
> like:
>
> iptables -A INPUT -p UDP --source-port domain -j ACCEPT
>
>
> Since DNS requests will appear to come from port 53 (domain), this rule lets
> all su
At 987713387s since epoch (04/19/01 15:49:47 -0400 UTC), Noah L. Meyerhans
wrote:
> If you run 'netstat -ulp' (as root, of course) you'll find that bind is
> listening on some high port. If you allow UDP on ports > 1024 you should
> be all set.
Or, if you don't feel like opening all 64,000+ of
On Thu, Apr 19, 2001 at 03:17:24PM -0400, Janet Post wrote:
> I have no trouble if I set the policy of the chain in question to
> ACCEPT, I have no trouble.
The problem is that DNS requests don't usually happen on port 53. You
are seeing hangs because iptables is trying to resolve the hostnames
Hello,
I am trying to set up a firewall on my server and am having trouble with one of
my iptables rules.
I can set up all the rules that I like, but I can't seem to get this one to
work:
# iptables -A INPUT -p udp --dport 53 -j ACCEPT
(or the OUTPUT equivalent)
When I add this to my INPUT