Re: [expert] Re: DNS problems on 9.0

Jim C Tue, 22 Oct 2002 13:19:11 -0700

> Also note that just pinging the server may not work if you are blocking
> icmp. I realize that you said you aren't running a firewall, but I want
> to be *SURE*.

I agree. My specialty is clustering not security, mainly
because the organizational computing overlords are pretty territorial
about it. ;-) As a consequence, I wasn't sure how to go about double
checking.

As requested (all executed as root on the nameserver/gateway):

Note: I ran host enigma.microverse.net from a client and got a negative response (i.e. no such animal). I would past the exact error but I don't have connectivity estblished between that partition and this and the floppy keeps mounting read only. Will fix this later, first things first.

[root@enigma jcolling]# cat tests.txt
The results of 'netstat -lun' are:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State
udp 0 0 0.0.0.0:32768 0.0.0.0:*

udp 0 0 0.0.0.0:2049 0.0.0.0:*

udp 0 0 0.0.0.0:32770 0.0.0.0:*

udp 0 0 0.0.0.0:32772 0.0.0.0:*

udp 0 0 0.0.0.0:32773 0.0.0.0:*

udp 0 0 208.152.4.88:137 0.0.0.0:*

udp 0 0 192.168.1.254:137 0.0.0.0:*

udp 0 0 0.0.0.0:137 0.0.0.0:*

udp 0 0 208.152.4.88:138 0.0.0.0:*

udp 0 0 192.168.1.254:138 0.0.0.0:*

udp 0 0 0.0.0.0:138 0.0.0.0:*

udp 0 0 0.0.0.0:10000 0.0.0.0:*

udp 0 0 192.168.1.254:53 0.0.0.0:*

udp 0 0 208.152.4.88:53 0.0.0.0:*

udp 0 0 127.0.0.1:53 0.0.0.0:*

udp 0 0 0.0.0.0:3130 0.0.0.0:*

udp 0 0 0.0.0.0:7741 0.0.0.0:*

udp 0 0 0.0.0.0:67 0.0.0.0:*

udp 0 0 0.0.0.0:837 0.0.0.0:*

udp 0 0 0.0.0.0:967 0.0.0.0:*

udp 0 0 0.0.0.0:3401 0.0.0.0:*

udp 0 0 0.0.0.0:4827 0.0.0.0:*

udp 0 0 0.0.0.0:607 0.0.0.0:*

udp 0 0 0.0.0.0:111 0.0.0.0:*

udp 0 0 192.168.1.254:123 0.0.0.0:*

udp 0 0 208.152.4.88:123 0.0.0.0:*

udp 0 0 127.0.0.1:123 0.0.0.0:*

udp 0 0 0.0.0.0:123 0.0.0.0:*

udp 0 0 0.0.0.0:764 0.0.0.0:*

The results of 'service named status' are:
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

The results of 'host enigma.microverse.net' are:
;; connection timed out; no servers could be reached

The results of 'iptables --list -n' are:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
eth0_in all -- 0.0.0.0/0 0.0.0.0/0
eth1_in all -- 0.0.0.0/0 0.0.0.0/0
common all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:INPUT:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP)
target prot opt source destination
eth0_fwd all -- 0.0.0.0/0 0.0.0.0/0
eth1_fwd all -- 0.0.0.0/0 0.0.0.0/0
common all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:FORWARD:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,RELATED,ESTABLISHED
fw2net all -- 0.0.0.0/0 0.0.0.0/0
fw2masq all -- 0.0.0.0/0 0.0.0.0/0
common all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:OUTPUT:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0

Chain all2all (3 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
common all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:all2all:REJECT:'
reject all -- 0.0.0.0/0 0.0.0.0/0

Chain common (5 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
icmpdef icmp -- 0.0.0.0/0 0.0.0.0/0
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp
dpts:137:139 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:445
reject-with icmp-port-unreachable
reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
DROP all -- 0.0.0.0/0 255.255.255.255
DROP all -- 0.0.0.0/0 224.0.0.0/4
reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
DROP all -- 0.0.0.0/0 255.255.255.255
DROP all -- 0.0.0.0/0 192.168.1.255

Chain dynamic (4 references)
target prot opt source destination

Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0
net2all all -- 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
net2fw all -- 0.0.0.0/0 0.0.0.0/0

Chain eth1_fwd (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0
masq2net all -- 0.0.0.0/0 0.0.0.0/0

Chain eth1_in (1 references)
target prot opt source destination
dynamic all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
masq2fw all -- 0.0.0.0/0 0.0.0.0/0

Chain fw2masq (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:137
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:138
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:139
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:631
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:137
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:138
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:139
all2all all -- 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain icmpdef (1 references)
target prot opt source destination

Chain loc2fw (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:21
all2all all -- 0.0.0.0/0 0.0.0.0/0

Chain loc2net (0 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain masq2fw (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:119
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:123
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:67
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:80
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:443
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:631
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:143
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:110
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:25
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:119
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:123
all2all all -- 0.0.0.0/0 0.0.0.0/0

Chain masq2net (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
common all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0
level 6 prefix `Shorewall:net2all:DROP:'
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
newnotsyn tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp flags:!0x16/0x02
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW
udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW
tcp dpt:21
net2all all -- 0.0.0.0/0 0.0.0.0/0

Chain newnotsyn (9 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain reject (6 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with
tcp-reset
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with
icmp-port-unreachable

Chain shorewall (0 references)
target prot opt source destination

The results of 'iptables --list -n -t nat' are:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
eth0_masq all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain eth0_masq (1 references)
target prot opt source destination
MASQUERADE all -- 192.168.1.0/24 0.0.0.0/0
[root@enigma jcolling]#

Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Re: DNS problems on 9.0

Reply via email to