Re: [CentOS] Iptables not blocking UDP port 53

2008-07-11 Thread Johnny Hughes

Sean Carolan wrote:

I'm attempting to block access to port 53 from internet hosts for an
internal server.  This device is behind a gateway router so all
traffic appears to come from source ip 10.100.1.1.  Here are my
(non-working) iptables rules:
If it is behind a gateway router, how is port 53 traffic getting from 
the internet to that DNS server in the first place?


Also ... IF you are PORT FORWARDING port 53 from the internet to the DNS 
server, then the SOURCE IP will not be the IP of the forwarding device, 
but the IP of the machine making the request.


If this device is really behind a firewall why are you even forwarding 
any traffic to it from port 53 in the first place?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Iptables not blocking UDP port 53

2008-07-11 Thread Rob Townley
On Fri, Jul 11, 2008 at 7:03 PM, Johnny Hughes [EMAIL PROTECTED] wrote:
 Sean Carolan wrote:

 I'm attempting to block access to port 53 from internet hosts for an
 internal server.  This device is behind a gateway router so all
 traffic appears to come from source ip 10.100.1.1.  Here are my
 (non-working) iptables rules:


 If it is behind a gateway router, how is port 53 traffic getting from the
 internet to that DNS server in the first place?

 Also ... IF you are PORT FORWARDING port 53 from the internet to the DNS
 server, then the SOURCE IP will not be the IP of the forwarding device, but
 the IP of the machine making the request.

 If this device is really behind a firewall why are you even forwarding any
 traffic to it from port 53 in the first place?


Assuming a SOHO LinkSys firewall preferably with dd-wrt alternative firmware.
Are you sure this DNS Server is not in the DMZ?
Are you sure the port isn't opened under the UPnP section?  It is
conceivable that mDNS / AVAHI with a UPnP router automatically open
this port on the firewall.


[CentOS] Iptables not blocking UDP port 53

2008-07-10 Thread Sean Carolan
I'm attempting to block access to port 53 from internet hosts for an
internal server.  This device is behind a gateway router so all
traffic appears to come from source ip 10.100.1.1.  Here are my
(non-working) iptables rules:

-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT

Further down the ruleset I have these rules to allow traffic from
everyone else.  If these rules are removed then nobody can make
queries, because of the final default REJECT rule.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT

I have used tcpdump and confirmed that packets are in fact still
coming across from internet hosts.  What am I doing wrong?

[EMAIL PROTECTED]:~]$ sudo tcpdump -n udp port 53 | grep 10.100.1.1
tcpdump: listening on eth0
14:46:40.539995 10.100.1.1.60793 > 10.100.1.61.domain:  62011+ A? server.domain.com. (32) (DF)
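A first-match walk over the rules posted above, added here as an illustration and not code from the thread: it parses the four posted rules plus the chain's closing default REJECT (the poster mentions it; its exact text is assumed from the Red Hat template) and reports which rule a packet hits first. It also shows Johnny's point: a port-forwarded query that keeps the internet client's source address (203.0.113.7 is a constructed example) never touches the rules keyed on 10.100.1.1 and lands on the ACCEPT.

```python
import ipaddress
import shlex

# The poster's rules in iptables-save form, plus the final default REJECT he
# refers to (constructed from the Red Hat template; exact options assumed).
RULES = """
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
""".strip().splitlines()

def parse_rule(line):
    """Extract the matches this example understands from one iptables-save line."""
    toks = shlex.split(line)
    # every "-x value" pair; -A (chain) and -m (module) are parsed but unused
    opt = {toks[i]: toks[i + 1] for i in range(len(toks) - 1) if toks[i].startswith("-")}
    return {
        "src": ipaddress.ip_network(opt["-s"], strict=False) if "-s" in opt else None,
        "proto": opt.get("-p"),
        "dport": int(opt["--dport"]) if "--dport" in opt else None,
        "state": set(opt["--state"].split(",")) if "--state" in opt else None,
        "target": opt["-j"],
    }

def matches(rule, pkt):
    """A rule matches only if every match it specifies agrees with the packet."""
    return ((rule["src"] is None or ipaddress.ip_address(pkt["src"]) in rule["src"])
            and (rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["dport"] is None or rule["dport"] == pkt["dport"])
            and (rule["state"] is None or pkt["state"] in rule["state"]))

def verdict(pkt, rules=RULES):
    """Walk the chain top to bottom like netfilter: first matching rule decides."""
    for n, line in enumerate(rules, 1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return n, rule["target"]
    return None, "POLICY"   # fell off the end of the chain

if __name__ == "__main__":
    # The query exactly as it appears in the tcpdump line (source = router).
    print(verdict({"src": "10.100.1.1", "proto": "udp", "dport": 53, "state": "NEW"}))
    # Same query forwarded with the internet client's address preserved.
    print(verdict({"src": "203.0.113.7", "proto": "udp", "dport": 53, "state": "NEW"}))
```

One caveat when reading the tcpdump output above: libpcap sees an incoming packet as it comes off the interface, before the INPUT chain is evaluated, so a packet showing up in tcpdump does not mean a rule failed to REJECT it. The per-rule packet counters from `iptables -L RH-Firewall-1-INPUT -v -n` show whether the REJECT rules are actually being hit.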