Re: Iptables

From: Joshua J. Kugler <joshua@eeinternet.com>
Date: Mon Jun 05 2006 - 09:57:18 AKDT

On Sunday 04 June 2006 10:14, Brian ThunderEagle wrote:
> Well, it all seemed straightforward to me and the how-tos made it seem
> simple too... Since iptables was blocking my DNS before and I didn't want to
> leave it turned completely off, I tried to add a rule to allow traffic on
> port 53. Here is the command I used:
>
> iptables -A INPUT -p udp --dport 53 -j ACCEPT
>
> Then an "iptables -L" comes out with:
>
> ACCEPT udp -- anywhere anywhere udp dpt: domain
>
> After saving and restarting iptables, though, my nslookup can't contact my
> DNS server. I also tried adding a rule to my OUTPUT chain as well, but that
> didn't make a difference. There is also a set of rules that came with the
> OS, but all but one of the rules are ACCEPT rules; the one REJECT rule is:
>
> REJECT all -- anywhere anywhere reject-with
> icmp-host-prohibited
>
> I don't know what this rule means exactly, but I figure it shouldn't affect
> DNS. Oh yes, and I have made sure that my DNS server is using specifically
> port 53 by uncommenting the "query-source" line in "named.conf".
>
> Brian ThunderEagle
> thundereagle@hotmail.com

If you're using CentOS, use the built-in firewall rule editor (very
rudimentary, but it works) or install something like Firestarter. If you're
using the built-in system, run the
program /usr/bin/system-config-securitylevel-tui

Then take a look at the file /etc/sysconfig/system-config-securitylevel
(cat /etc/sysconfig/system-config-securitylevel). You can edit that file manually, and run

/usr/bin/system-config-securitylevel-tui -q

to activate the settings.

j

-- 
Joshua Kugler                           
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/  ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111
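An added example, not from either poster in this thread: iptables evaluates a chain top to bottom and stops at the first matching rule, so a rule appended with "-A INPUT" lands after the distribution's catch-all "REJECT all ... icmp-host-prohibited" rule and is never reached, which is exactly the symptom described above. The check a practitioner wants is "iptables -S INPUT" (or "iptables -L INPUT -n --line-numbers") to see where the new rule sits relative to the REJECT. The script below runs that check over a constructed rule dump (modelled on the CentOS default ruleset plus the appended port-53 rule; it is not output captured from the poster's machine) and emits the "iptables -I INPUT <n>" commands that put the DNS rules in front of the REJECT. Function names and the sample rules are my own.

```shell
#!/bin/sh
# Added example: detect a DNS ACCEPT rule shadowed by an earlier catch-all
# REJECT in the INPUT chain, and print the commands that fix the ordering.

# Constructed sample of `iptables -S INPUT` output (not from the thread):
# the CentOS-style default chain with the poster's rule appended at the end.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 53 -j ACCEPT'

# The same chain after the commands from fix_commands have been run (constructed).
FIXED_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# dns_rule_position DUMP: print "<reject> <dns>", the 1-based positions (as
# `iptables -L --line-numbers` shows them) of the first catch-all REJECT and
# of the first "udp dport 53 ACCEPT" rule in the INPUT chain; 0 if absent.
# A REJECT counts as catch-all when it carries no -p/--dport/-s/-d match.
dns_rule_position() {
    printf '%s\n' "$1" | awk '
        /^-A INPUT / {
            n++
            if (!reject && /-j REJECT/ && !/-p / && !/--dport/ && !/-s / && !/-d /) reject = n
            if (!dns && /-p udp/ && /--dport 53( |$)/ && /-j ACCEPT/) dns = n
        }
        END { printf "%d %d\n", reject, dns }'
}

# dns_rule_shadowed DUMP: true (exit 0) when the DNS ACCEPT is missing or
# sits after the catch-all REJECT, i.e. it can never match a packet.
dns_rule_shadowed() {
    set -- $(dns_rule_position "$1")
    [ "$2" -eq 0 ] || { [ "$1" -ne 0 ] && [ "$2" -gt "$1" ]; }
}

# fix_commands DUMP: emit the iptables commands (run as root) that delete the
# shadowed rule by number and insert UDP and TCP 53 ACCEPTs directly in front
# of the REJECT. Deleting a rule that sits after the REJECT does not move the
# REJECT's position; if the DNS rule sat before it, the position shifts by one.
fix_commands() {
    set -- $(dns_rule_position "$1")
    reject=$1 dns=$2
    pos=$reject
    [ "$pos" -eq 0 ] && pos=1
    [ "$dns" -ne 0 ] && [ "$dns" -lt "$reject" ] && pos=$((reject - 1))
    [ "$dns" -ne 0 ] && printf 'iptables -D INPUT %d\n' "$dns"
    # Insert udp at the REJECT's slot, then tcp at the same slot above it.
    printf 'iptables -I INPUT %d -p udp -m udp --dport 53 -j ACCEPT\n' "$pos"
    printf 'iptables -I INPUT %d -p tcp -m tcp --dport 53 -j ACCEPT\n' "$pos"
}

if dns_rule_shadowed "$SAMPLE_RULES"; then
    echo "DNS ACCEPT is shadowed by the catch-all REJECT; as root, run:"
    fix_commands "$SAMPLE_RULES"
fi
```

On a live CentOS box, feed it "$(iptables -S INPUT)" instead of the constructed dump. TCP 53 is included because resolvers fall back to TCP for responses that do not fit in a UDP datagram. After inserting the rules, persist them with "service iptables save"; otherwise the next restart reloads /etc/sysconfig/iptables without them. Note that system-config-securitylevel writes its own ruleset, so ports opened through that tool and rules inserted by hand should not be mixed without checking the result with "iptables -S INPUT" again.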