Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

iptables configuration for named

Posted on 2008-10-07
7
Medium Priority
?
944 Views
Last Modified: 2012-05-05
HI
i have setup nameserver for my network

now if I flush iptables, pc from internal network can resolv Ip from nameserver

here is the list of my iptables

[root@workshop log]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited


Only confussion is ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353

do you think this one is giving trouble ??

i dinot create any iptables for 224...
how can i delete that one ??
Or do you think something else is giving trouble ?? NOte : Selinux is enables, but i dotn think selinux is givng trouble
0
Comment
Question by:fosiul01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 22660889
I think 244 is multicast address
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22660915
what shal i do ??
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22661622
You are missing the firewall hole to allow DNS.

You should have two lines like this :
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain

You will get it by adding something like this to your rules that build the iptables set :

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT  --syn
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT


0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 29

Author Comment

by:fosiul01
ID: 22667781
Hi after i typed  this one , do i need to save iptables for make this rule effecting ??

I know if i dont save this rule, when i will restart pc, all rule would be remove,

but without saving iptables rule can i not see if it works or not ??
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22667893
It depends on how your distribution handles these rules.   I think RedHat has a tool to put them into and I guess you are using that (lookingat the rule names)

On my box (which does not have a tool) but saves them on shutdown with iptables-save command you can put them in and test.  if it fails use iptables-restore to get back to where you were and when it works either save or restart
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22667908
ok i will come back to you after this question


http://www.experts-exchange.com/OS/Linux/Q_23796832.html?cid=295

its samething but for port 80, i tryed what you said, but its didnto work

have a look at that question
0
 
LVL 20

Accepted Solution

by:
edster9999 earned 2000 total points
ID: 22668001
Look at the order of the rules at the bottom.  It has gone in after the 'REJECT' which should be the last one.  This means if you hit this point and still have not found a matching rule then reject everything else.

The easiest way to get round this is to go and edit the iptables backup file.
(first make a backup of this file in case you mess it up)

This varies between distros so do a quick search for it.
From memory redhat puts it in
/etc/sysconfig/iptables
Copy and paste the lines you have just added above the reject and then reload it.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question