Allow named-xfer's through firewalls
Derek Balling
dredd at megacity.org
Sat May 5 15:43:02 UTC 2001
At 11:31 AM -0400 5/5/01, James A Griffin wrote:
>What is the 16th rule in the "input" chain? Protocol 17 is UDP, but
>transfers use TCP. Are you sure that you have your firewall rules set
>properly?
Rule 16 is the catch-all "if I haven't explicitly allowed it by now,
reject it".
My DNS-related rules are:
ipchains -A input -i eth0 -p TCP -s 0.0.0.0/0 -d $LOCALIP 53 -j ACCEPT
ipchains -A input -i eth0 -p UDP -s 0.0.0.0/0 -d $LOCALIP 53 -j ACCEPT
Which I would think pretty well covers it.
I know it's SOMETHING with the firewalls because if I enable the rule:
ipchains -A input -i eth0 -s 207.7.10.2 -d $LOCALIP -j ACCEPT
it works.
D
--
+---------------------+-----------------------------------------+
| dredd at megacity.org | "Conan! What is best in life?" |
| Derek J. Balling | "To crush your enemies, see them |
| | driven before you, and to hear the |
| | lamentation of their women!" |
+---------------------+-----------------------------------------+
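
The following is an added example, not part of the original post and not code from BIND or ipchains: a small Python model of first-match filtering that shows which packets the two port-53 rules in the message cover, and what the host-wide rule changes. The address 192.0.2.10 standing in for $LOCALIP, the sample packets and the local port 1047 are constructed assumptions; only the three rules and the catch-all come from the message.

```python
# Constructed model of first-match packet filtering, as in an ipchains chain.
LOCALIP = "192.0.2.10"   # placeholder for $LOCALIP (assumption, documentation range)
MASTER = "207.7.10.2"    # the host named in the post
ANY = None               # wildcard: the rule does not test this field

# (label, protocol, source address, destination address, destination port, target)
DNS_RULES = [
    ("tcp-53", "tcp", ANY, LOCALIP, 53, "ACCEPT"),   # -p TCP -d $LOCALIP 53
    ("udp-53", "udp", ANY, LOCALIP, 53, "ACCEPT"),   # -p UDP -d $LOCALIP 53
]
HOST_RULE = ("from-master", ANY, MASTER, LOCALIP, ANY, "ACCEPT")  # -s 207.7.10.2
CATCH_ALL = ("catch-all", ANY, ANY, ANY, ANY, "REJECT")           # "rule 16"

# Constructed sample packets arriving on eth0.
PACKETS = {
    "tcp-to-53": {"proto": "tcp", "src": MASTER, "dst": LOCALIP, "dport": 53},
    "udp-to-53": {"proto": "udp", "src": MASTER, "dst": LOCALIP, "dport": 53},
    # UDP from the master's port 53 to a non-53 local port (1047 is made up).
    "udp-to-1047": {"proto": "udp", "src": MASTER, "dst": LOCALIP, "dport": 1047},
}


def evaluate(chain, packet):
    """Return (label, target) of the first rule whose tested fields all match."""
    for label, proto, src, dst, dport, target in chain:
        fields = ((proto, packet["proto"]), (src, packet["src"]),
                  (dst, packet["dst"]), (dport, packet["dport"]))
        if all(want is ANY or want == got for want, got in fields):
            return label, target
    return "no-match", None


def report(chain):
    """Evaluate every sample packet against the chain."""
    return {name: evaluate(chain, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    chains = {
        "posted rules": DNS_RULES + [CATCH_ALL],
        "with host rule": DNS_RULES + [HOST_RULE, CATCH_ALL],
    }
    for title, chain in chains.items():
        print(title)
        for name, (label, target) in report(chain).items():
            print(f"  {name:12} -> {target} ({label})")
```

In this model the two port-53 rules accept only packets whose destination port is 53; the UDP packet addressed to another local port reaches the catch-all unless the host-wide rule is present.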