Tom Cheung wrote:

> I have seen www.boingworld.com for setting up a firewall. It works for
> most web access, ftp, mail.
> But I need to access my Linux network at home when I'm working outside. So I
> set up a dynamic IP DNS service (service provided by dyndns.org) for this
> purpose, but it doesn't work.
>
> In my own experience this dynamic IP DNS works only when I haven't executed
> the firewall rules. It fails after executing the firewall rules.
>
> I have tried adding icmp rules in the INPUT chain to see whether it works.
> 
>    DYN="mydns.dyndns.org/32"
> 
>    iptables -A icmp_packets -p ICMP -s $DYN --icmp-type 0 -j ACCEPT
>    iptables -A icmp_packets -p ICMP -s $DYN --icmp-type 3 -j ACCEPT
>    iptables -A icmp_packets -p ICMP -s $DYN --icmp-type 5 -j ACCEPT
>    iptables -A icmp_packets -p ICMP -s $DYN --icmp-type 11 -j ACCEPT
> 
>    But this rule is included in .... -s 0/0 --icmp-type 0 -j ACCEPT
>
>    So would anyone like to tell me what rules are to be added, and where to add them?
>    Since I have tried to add rules in different places and it wouldn't work.
>    Would anyone like to give me some advice? Thx

what does icmp have to do with dns?
if you need rules for outgoing dns,
the destination port will be 53. the
source port will be 53 as well if you
have an old dns server or a new one that
has been told to use port 53 as the source
port for queries. if you have a new dns server
and haven't told it to use source port 53, or
if you need to allow dns clients to make queries
directly, the source port will be >= 1024.
you will need udp and possibly tcp.

raf
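
The port combinations described in the reply above, written out as stateless iptables rules. This is an added example, not part of either message: the function name, the `fixed`/`ephemeral` mode names, the `OUT_CHAIN`/`IN_CHAIN` variables and the resolver address 192.0.2.53 are assumptions. It only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# dns_out_rules MODE [RESOLVER]
#   MODE=fixed      DNS server that sends its UDP queries from source port 53
#   MODE=ephemeral  newer server, or clients querying directly (source >= 1024)
#   RESOLVER        upstream DNS server address; defaults to any (0/0)
# OUT_CHAIN / IN_CHAIN default to OUTPUT / INPUT (the firewall host itself);
# set both to FORWARD for masqueraded LAN clients (assumed chain layout).
dns_out_rules() {
    mode=$1
    resolver=${2:-0/0}
    out_chain=${OUT_CHAIN:-OUTPUT}
    in_chain=${IN_CHAIN:-INPUT}
    case $mode in
        fixed)     udp_sport=53 ;;
        ephemeral) udp_sport=1024:65535 ;;
        *) echo "usage: dns_out_rules fixed|ephemeral [resolver]" >&2
           return 2 ;;
    esac

    # UDP query out, and the answer back from port 53 to the querying port.
    # The answer rule is stateless: with RESOLVER left at 0/0, anything sent
    # from source port 53 reaches those ports, so name the resolver if possible.
    echo "iptables -A $out_chain -p udp -d $resolver --sport $udp_sport --dport 53 -j ACCEPT"
    echo "iptables -A $in_chain -p udp -s $resolver --sport 53 --dport $udp_sport -j ACCEPT"

    # TCP (large answers): queries leave from an unprivileged port in either
    # mode; "! --syn" keeps a remote port 53 from opening connections inward.
    echo "iptables -A $out_chain -p tcp -d $resolver --sport 1024:65535 --dport 53 -j ACCEPT"
    echo "iptables -A $in_chain -p tcp -s $resolver --sport 53 --dport 1024:65535 ! --syn -j ACCEPT"
}

# Constructed sample: rules for a resolver pinned to source port 53.
dns_out_rules fixed 192.0.2.53
```

Review the printed rules, then pipe them to `sh` as root to apply them.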

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]