* [newbie]DNS on the internet... how to allow connections?
From: Marco Nicoloso @ 2005-02-21 23:34 UTC (permalink / raw)
To: Netfilter Mailing List
Hi there,
I solved all of my routing problems which I had before... Now everything
works fine, but the name resolution. According to the scheme (Trusted
subnet -> Firewall -> Internet), hosts on my trusted subnet can see the
DNS properly, they get its address from the DHCP, but they cannot get
DNS queries satisfied.
I tried with different rules, but none works:
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
or these:
$IPTABLES -A FORWARD -p tcp -s $DNS1_IP -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s $DNS2_IP -j ACCEPT
$IPTABLES -A FORWARD -p udp -s $DNS1_IP -j ACCEPT
$IPTABLES -A FORWARD -p udp -s $DNS2_IP -j ACCEPT
Do I have to set up my own named, cache queries and request new ones if
I need? Or is it just my problem, that I am not able to write rules...?
Thanks in advance
Marco Nicoloso
* Re: [newbie]DNS on the internet... how to allow connections?
From: Alistair Tonner @ 2005-02-22 0:08 UTC (permalink / raw)
To: netfilter
Marco -- yer on the right track -- read in line....
On February 21, 2005 06:34 pm, Marco Nicoloso wrote:
> Hi there,
>
> I solved all of my routing problems which I had before... Now everything
> works fine, but the name resolution. According to the scheme (Trusted
> subnet -> Firewall -> Internet), hosts on my trusted subnet can see the
> DNS properly, they get its address from the DHCP, but they cannot get
> DNS queries satisfied.
DNS queries -- okay - unless the DNS is on the same box as the firewall you
want to:
>
> I tried with different rules, but none works:
> $IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
> $IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
Change INPUT to FORWARD
and try again...
> or these:
> $IPTABLES -A FORWARD -p tcp -s $DNS1_IP -j ACCEPT
> $IPTABLES -A FORWARD -p tcp -s $DNS2_IP -j ACCEPT
> $IPTABLES -A FORWARD -p udp -s $DNS1_IP -j ACCEPT
> $IPTABLES -A FORWARD -p udp -s $DNS2_IP -j ACCEPT
>
Lose the above and use an ESTABLISHED, RELATED rule to accept the returns.
> Do I have to set up my own named, cache queries and request new ones if
> I need? Or is it just my problem, that I am not able to write rules...?
Nope -- just let the queries THROUGH the firewall -- not in or out.
Alistair
>
> Thanks in advance
>
> Marco Nicoloso
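A complete FORWARD-chain ruleset for the topology Marco describes (trusted subnet -> firewall -> Internet), written along the lines of Alistair's advice: queries cross the firewall in FORWARD, not INPUT/OUTPUT, and the replies come back through a single ESTABLISHED,RELATED rule. This is an added example, not code from either message; the interface names, the LAN subnet and the resolver addresses are placeholders, and IPTABLES defaults to a dry run that prints the rules instead of installing them.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholders: LAN_IF, WAN_IF, LAN_NET
# and the resolver addresses are constructed (documentation ranges); set them
# for your network. IPTABLES defaults to "echo iptables" (dry run that prints
# the rules); run as root with IPTABLES=iptables to actually install them.
set -eu

IPTABLES="${IPTABLES:-echo iptables}"
LAN_IF="${LAN_IF:-eth1}"                       # trusted-subnet side
WAN_IF="${WAN_IF:-eth0}"                       # Internet side
LAN_NET="${LAN_NET:-192.168.1.0/24}"           # trusted subnet (placeholder)
DNS_SERVERS="${DNS1_IP:-198.51.100.53} ${DNS2_IP:-198.51.100.54}"

# INPUT/OUTPUT only match packets to or from the firewall box itself;
# traffic from the LAN to the Internet resolvers is routed, so it is FORWARD.
dns_forward_rules() {
    # One rule, first, accepts the replies to anything the LAN initiated,
    # so no per-resolver "-s $DNS_IP" return rules are needed.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for dns in $DNS_SERVERS; do
        for proto in udp tcp; do
            # Only NEW queries from the trusted subnet to the known resolvers
            # (udp for normal queries, tcp for large answers and retries).
            $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
                -d "$dns" -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
        done
    done
    # Everything else crossing the box is logged (for troubleshooting) and dropped.
    $IPTABLES -A FORWARD -j LOG --log-prefix "FWD-DROP: "
    $IPTABLES -A FORWARD -j DROP
}

dns_forward_rules
```

The first rule must stay ahead of the per-resolver rules, otherwise replies to the LAN's queries never match anything that accepts them.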