Re: [cobalt-security] Ipchains and dns
- Subject: Re: [cobalt-security] Ipchains and dns
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2003 00:40:11 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Robbert,
> I did indeed obscure it.
Ah, very good.
> > For ipchains I use this chain instead:
> >
> > $IPCHAINS -A input -p tcp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
> > $IPCHAINS -A input -p udp -s $REMOTENET -d $LOCALNET 53 -j ACCEPT
>
> $REMOTENET => how did you enter the range?
$REMOTENET is set to 0/0
$LOCALNET is set to the DNS server IP address.
> Say I have 217.100.169.115 as DNS server
> 217.100.169.114 server ip
> 217.100.169.1 gateway (all fake btw)
>
> how should the rule read then ?
$IPCHAINS -A input -p tcp -s 0/0 -d 217.100.169.115/32 53 -j ACCEPT
$IPCHAINS -A input -p udp -s 0/0 -d 217.100.169.115/32 53 -j ACCEPT
After all, we want port 53 just to be open to the outside world on the IP
address of the DNS server. And we want to allow both UDP and TCP.
--
With best regards,
Michael Stauber
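
The rules from the message above, wrapped in a small script; this is an added example and not part of the original post. The function names `is_ipv4` and `open_dns` and the dry-run default for `IPCHAINS` are assumptions made for this example, and the address is the fake one used in the thread.

```shell
#!/bin/sh
# Added example (not from the original post): emit the two DNS rules
# discussed in the thread for a given DNS server address.
# Assumption: IPCHAINS defaults to "echo ipchains" so the rules are only
# printed for review; set IPCHAINS=/sbin/ipchains to apply them.
IPCHAINS="${IPCHAINS:-echo ipchains}"
REMOTENET="0/0"    # any source address, as in the thread

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Rejecting anything else keeps stray characters out of the rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Open port 53 for both tcp and udp, but only on the DNS server's own
# address (/32), so other addresses on the host stay closed.
open_dns() {
    is_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    for proto in tcp udp; do
        $IPCHAINS -A input -p "$proto" -s "$REMOTENET" -d "$1/32" 53 -j ACCEPT
    done
}

# Constructed sample input: the fake DNS server address from the thread.
open_dns 217.100.169.115
```

Run as is, the script prints the two rules without touching the firewall.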