Root server DNS traffic across Linux/ipchains firewall?
Steve Snyder
swsnyder at home.com
Thu Oct 21 04:12:11 UTC 1999
I'm setting up a firewall on my Linux box. This machine is running
Linux kernel v2.2.13 and BIND v8.2.1. For some reason I'm getting
output from my box to root nameservers on a high port number. Can
anyone explain this?
My intent is to ensure that all traffic goes through specific ports, so
I configured named and set the ipchains rules appropriately. Here's a
fragment of my /etc/named.conf (note the use of port 53):
options {
        directory "/var/named/snydernet";
        transfer-format many-answers;
        query-source address * port 53;
        allow-query { 127.0.0.1; 192.168.0/24; };
        listen-on { 127.0.0.1; 192.168.0.12; };
        forward first;
        forwarders { 24.4.162.33; 24.4.162.34; };
};
and the rules for accepting DNS traffic (again, note use of port 53):
for NAMESERVER in 24.4.162.33 24.4.162.34 ; do
        ipchains -A input -i $EXTRN_IFACE -p udp \
                -s $NAMESERVER 53 -d $IPADDR 53 -j ACCEPT
        ipchains -A output -i $EXTRN_IFACE -p udp \
                -s $IPADDR 53 -d $NAMESERVER 53 -j ACCEPT
        ipchains -A input -i $EXTRN_IFACE -p tcp ! -y \
                -s $NAMESERVER 53 -d $IPADDR 53 -j ACCEPT
        ipchains -A output -i $EXTRN_IFACE -p tcp \
                -s $IPADDR 53 -d $NAMESERVER 53 -j ACCEPT
done
Below is the outbound traffic I'm seeing. My IP address is
111.222.333.444 and the other addresses are all root name servers. I
get one log entry every 4 seconds.
Oct 20 18:29:29 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 198.41.0.10:53 L=45 S=0x00 I=8103 F=0x0000 T=63 (#57)
Oct 20 18:29:33 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 193.0.14.129:53 L=45 S=0x00 I=8104 F=0x0000 T=63 (#57)
Oct 20 18:29:37 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 192.5.5.241:53 L=45 S=0x00 I=8105 F=0x0000 T=63 (#57)
Oct 20 18:29:41 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 192.36.148.17:53 L=45 S=0x00 I=8106 F=0x0000 T=63 (#57)
Oct 20 18:29:45 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 198.41.0.4:53 L=45 S=0x00 I=8107 F=0x0000 T=63 (#57)
Oct 20 18:29:49 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 198.32.64.12:53 L=45 S=0x00 I=8108 F=0x0000 T=63 (#57)
Oct 20 18:29:53 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 202.12.27.33:53 L=45 S=0x00 I=8110 F=0x0000 T=63 (#57)
Oct 20 18:30:09 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 128.8.10.90:53 L=45 S=0x00 I=8111 F=0x0000 T=63 (#57)
Oct 20 18:30:17 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 192.112.36.4:53 L=45 S=0x00 I=8112 F=0x0000 T=63 (#57)
Oct 20 18:30:25 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 128.9.0.107:53 L=45 S=0x00 I=8113 F=0x0000 T=63 (#57)
Oct 20 18:30:33 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 192.203.230.10:53 L=45 S=0x00 I=8114 F=0x0000 T=63 (#57)
Oct 20 18:30:37 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 202.12.27.33:53 L=45 S=0x00 I=8115 F=0x0000 T=63 (#57)
Oct 20 18:30:41 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 128.8.10.90:53 L=45 S=0x00 I=8116 F=0x0000 T=63 (#57)
Oct 20 18:30:45 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 192.112.36.4:53 L=45 S=0x00 I=8117 F=0x0000 T=63 (#57)
Oct 20 18:30:49 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 128.9.0.107:53 L=45 S=0x00 I=8118 F=0x0000 T=63 (#57)
Oct 20 18:30:53 corona kernel: Packet log: output REJECT eth1 PROTO=17 111.222.333.444:61000 128.63.2.53:53 L=45 S=0x00 I=8119 F=0x0000 T=63 (#57)
One more question: if I have to live with traffic on a high port, can I
expect that it will always be port 61000?
Help! Thank you.
***** Steve Snyder *****
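As an added example that is not part of Steve's post, the Python below parses ipchains "Packet log:" lines like the ones quoted above and checks each rejected outbound packet against the policy the ACCEPT rules express (UDP from $IPADDR port 53 to a forwarder's port 53); the IPADDR and forwarder values are taken from the post, and the two sample log lines are copied from it. Run over the full log it reports the two ways every packet misses the rule: source port 61000 instead of 53, and root-server destinations that are not the configured forwarders.

```python
import re
from collections import Counter

# Field layout of an ipchains "Packet log:" line as shown in the post.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)

# What the output ACCEPT rules allow: UDP from $IPADDR port 53 to a forwarder's port 53 (values from the post).
POLICY = {"ipaddr": "111.222.333.444",
          "forwarders": {"24.4.162.33", "24.4.162.34"}, "port": 53}

def parse_line(line):
    """Return the fields of one ipchains log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("proto", "sport", "dport", "rule"):
        d[k] = int(d[k])
    return d

def explain_reject(e, policy=POLICY):
    """List each way a logged outbound packet misses the intended DNS ACCEPT rule."""
    checks = [
        (e["proto"] == 17, "not UDP"),
        (e["src"] == policy["ipaddr"], f"source {e['src']} is not IPADDR"),
        (e["sport"] == policy["port"], f"source port {e['sport']} is not {policy['port']}"),
        (e["dst"] in policy["forwarders"], f"destination {e['dst']} is not a forwarder"),
        (e["dport"] == policy["port"], f"destination port {e['dport']} is not {policy['port']}"),
    ]
    return [why for ok, why in checks if not ok]

def summarize(lines, policy=POLICY):
    """Tally source ports, destinations and reject reasons over a whole log."""
    entries = [e for e in map(parse_line, lines) if e and e["verdict"] == "REJECT"]
    return {
        "source_ports": Counter(e["sport"] for e in entries),
        "destinations": sorted({e["dst"] for e in entries}),
        "reasons": Counter(r for e in entries for r in explain_reject(e, policy)),
    }

# Constructed sample: two of the log lines quoted in the post.
SAMPLE = [
    "Oct 20 18:29:29 corona kernel: Packet log: output REJECT eth1 PROTO=17 "
    "111.222.333.444:61000 198.41.0.10:53 L=45 S=0x00 I=8103 F=0x0000 T=63 (#57)",
    "Oct 20 18:29:33 corona kernel: Packet log: output REJECT eth1 PROTO=17 "
    "111.222.333.444:61000 193.0.14.129:53 L=45 S=0x00 I=8104 F=0x0000 T=63 (#57)",
]
```

The `source_ports` tally answers the second question empirically for whatever log you feed it: a single key means every rejected query used the same source port.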