Re: [cobalt-security] Ipchains and dns
- Subject: Re: [cobalt-security] Ipchains and dns
- From: "Robbert Hamburg (HaVa Web- & Procesdesign)" <user@xxxxxxx>
- Date: Wed, 16 Apr 2003 20:50:39 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Hi Robbert,
Hi master Guru :-)
> > # DNS Server (persistent connections)
> > /sbin/ipchains -A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
> >
> > # allow dns - standard
> > /sbin/ipchains -A input -p udp -s 0/0 -d 0/0 53 -j ACCEPT
> >
> > Running the above in a firewall script makes it impossible to use that dns
> > server.....
>
> You do not really use "-d 0/0 " in your firewall, do you? It ought to be the IP
> address range and netmask of your network or IP address and netmask of your
> local DNS server. I assume you just obscured the real network address for
> your posting of the message in public, but I rather ask anyway.
I did indeed obscure it.
> For ipchains I use this chain instead:
>
> $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
> $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
$REMOTENET => how did you enter the range?
Say I have
217.100.169.115 as DNS server
217.100.169.114 server IP
217.100.169.1 gateway (all fake btw)
How should the rule read then?
Can you give me a dumbhead example, because I think I have set it up your way
but it is still not working.
Thanks