Firewall questions I promised you.
Bruce McDonald
brucemcdonal at mindspring.com
Mon Jun 7 05:33:03 UTC 2004
Hello Rick
On 01-Jun-04, you wrote:
<snip>
>> My next error is:
>> iptables v1.2.7a: host/network `yahoo.com' not found
>> Try `iptables -h' or 'iptables --help' for more information.
>>
>> I assume this means the firewall is halting packets to or from my DNS
>> server.
> Yup.
Interestingly, it is only halting packets that originate on the Linux box.
The other boxen are communicating fine now that I have weeded out the stupid
errors I made.
>> I still have to check a little further into this, I do have rules that
>> are supposed to allow the traffic. I will post them for your input once I
>> figure that I don't see anything at all wrong with them.
> It rather depends on how strict you want your firewall to be regarding
> DNS. Without seeing the entire iptables setup, I can't comment on what
> you want to do. However, somewhere near the top of your list you should
> have something along the lines of:
> iptables -A INPUT -p udp --dport 53 -j ACCEPT
> This would accept all UDP DNS traffic (remember, 99% of DNS traffic is
> UDP, not TCP).
I would experiment with this more now, but work is cutting into my playtime.
Regards,
Bruce McDonald
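As an added example, not code from Bruce's or Rick's messages: a dry-run iptables script for a host that is only a DNS client, keeping the resolver as an IP literal so the ruleset loads even while name resolution is still blocked. It assumes a constructed resolver address of 192.0.2.53, DROP default policies, and an iptables build with the state match.

```shell
#!/bin/sh
# Added example, not code from this thread. Dry-run DNS-client rules for a
# host that does not run its own nameserver. Assumptions: the resolver is
# 192.0.2.53 (constructed placeholder), the chains default to DROP, and the
# iptables build has the state match (iptables 1.2.x does).
# IPT defaults to printing the commands; set IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
NS="${NS:-192.0.2.53}"

# iptables resolves any hostname in a rule at load time, so a rule naming
# "yahoo.com" fails with "host/network not found" while DNS is still
# blocked. Only accept dotted-quad addresses, optionally with a /prefix.
is_ip_literal() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the four rules a DNS client needs, in the order they should sit
# above the default DROP. $1 overrides the resolver address.
dns_client_rules() {
    ns="${1:-$NS}"
    if ! is_ip_literal "$ns"; then
        echo "resolver must be an IP literal, got: $ns" >&2
        return 1
    fi
    # Queries out: UDP for ordinary lookups, TCP for answers over 512
    # bytes (truncated replies are retried over TCP).
    $IPT -A OUTPUT -p udp --dport 53 -d "$ns" -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -d "$ns" -j ACCEPT
    # Answers back: only from the resolver, only for queries we sent.
    $IPT -A INPUT -p udp --sport 53 -s "$ns" -m state --state ESTABLISHED -j ACCEPT
    $IPT -A INPUT -p tcp --sport 53 -s "$ns" -m state --state ESTABLISHED -j ACCEPT
}

dns_client_rules
```

Run it as-is to review the generated commands; a rule that accepts UDP port 53 from anywhere (as in the quoted suggestion) belongs on a host that actually serves DNS, not on a client.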