Thanks Henry for getting back to me. I implemented a change similar to
yours, but I still notice that if I try to access the domain in question
(www.jeffmcnurlin.com) from inside my work's firewall, those UDP requests
are DENYed, because for some reason my site is being contacted via ports
numbered *below* 1024. It seems that those are the only DENYed packets
that I notice in my messages log for port 53.

My question is this: is this just a broken NT nslookup thing, or should I
expect other sites to attempt to connect to me from ports > 1024 to my
port 53?

BTW: Could anyone else please see if you can do an nslookup on
www.jeffmcnurlin.com? I just want to know that it can be resolved from as
many other sites as possible. This domain belongs to my brother-in-law and
he has his resume and portfolio posted, so I want to make sure that
recruiters can access his site.

R. Douglas Barbieri
[EMAIL PROTECTED]
http://www.dooglio.net
"There is no case...there never was! It's all just a joke, a big joke!"
--Former Inspector Wollenski

On Tue, 3 Jul 2001, Henry House wrote:
> On Tue, Jul 03, 2001 at 10:09:10PM -0700, Doug Barbieri wrote:
> [snip]
> for server in $NS_SERVERS; do
>     ipchains -A output -i $IFACE_INET -p tcp \
>         -s $ME 1024:65535 \
>         -d $server domain -j ACCEPT
>     ipchains -A input -i $IFACE_INET -p tcp \
>         -s $server domain \
>         -d $ME 1024:65535 -j ACCEPT
>     ipchains -A output -i $IFACE_INET -p udp \
>         -s $ME 1024:65535 \
>         -d $server domain -j ACCEPT
>     ipchains -A input -i $IFACE_INET -p udp \
>         -s $server domain \
>         -d $ME 1024:65535 -j ACCEPT