Ipchains Woes

Carl Parrish plug-discuss@lists.plug.phoenix.az.us
26 Feb 2002 23:10:06 -0700


I haven't really been following this thread, Steve, so I apologise in
advance if this has already been covered. I think the ipchains rule I
have set up for DNS is 

ipchains -A output -i $OUTSIDE_INTERFACE -p udp \
	-s $IP_ADD $UNPRIVPORTS \
	-d $NAMESERVER_1 53 -j ACCEPT

Of course you will have to change the variables here to what works on
your system. 
$OUTSIDE_INTERFACE should be the NIC you have speaking to the work, 
$IP_ADD is your external IP address, and $NAMESERVER_1 is your first DNS
server. 

Carl P.  

On Tue, 2002-02-26 at 22:43, Kevin Brown wrote:
> 53 UDP
> 
> Steve Holmes wrote:
> > 
> > More developments with my ipchains situation is that if I put
> > ipchains -A input -p icmp -i eth1 -j ACCEPT
> > where eth1 is my internet connection, I can successfully ping hosts if I
> > use numeric i/p addresses.  However, I still can't get responses from my
> > DNS.  I think I need to open up a port for responses from a DNS.  Even the
> > dig command hangs.  Do you know what port and protocol should be opened up
> > for DNS replies?
> > 
> > I don't have a thorough knowledge of TCP/IP just yet <sigh>  and my
> > /etc/services doesn't have an entry for dns.  It has one for domain (port
> > 53) but trying that didn't do it for me either.
> > 
> > Any more ideas?  Starting to break through this thing once and for all:).
> > 
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > 
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.plug.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
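
An added example, not part of the original messages: the output rule from the post paired with the mirrored input rule that lets the DNS reply back in, plus the TCP equivalents for answers too large for UDP. The addresses, the UNPRIVPORTS range and the dry-run IPCHAINS wrapper are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All values are constructed placeholders.
OUTSIDE_INTERFACE="eth1"        # internet-facing interface (eth1 in the quoted post)
IP_ADD="192.0.2.10"             # constructed external address (documentation range)
NAMESERVER_1="198.51.100.53"    # constructed nameserver address (documentation range)
UNPRIVPORTS="1024:65535"        # assumed range of unprivileged client source ports

# Dry run by default: the rules are printed, not installed.
# Set IPCHAINS=ipchains (as root, on a system that has ipchains) to apply them.
IPCHAINS="${IPCHAINS:-echo ipchains}"

dns_client_rules() {
    # UDP query out: local unprivileged port -> nameserver port 53
    $IPCHAINS -A output -i "$OUTSIDE_INTERFACE" -p udp \
        -s "$IP_ADD" "$UNPRIVPORTS" \
        -d "$NAMESERVER_1" 53 -j ACCEPT

    # UDP reply in: the same rule with source and destination swapped.
    # ipchains is stateless, so without this the answer never reaches
    # the resolver and lookups hang.
    $IPCHAINS -A input -i "$OUTSIDE_INTERFACE" -p udp \
        -s "$NAMESERVER_1" 53 \
        -d "$IP_ADD" "$UNPRIVPORTS" -j ACCEPT

    # TCP query out, used when a UDP answer comes back truncated
    $IPCHAINS -A output -i "$OUTSIDE_INTERFACE" -p tcp \
        -s "$IP_ADD" "$UNPRIVPORTS" \
        -d "$NAMESERVER_1" 53 -j ACCEPT

    # TCP reply in: "! -y" rejects bare SYN packets, so the nameserver
    # address cannot be used to open new connections toward this host
    $IPCHAINS -A input -i "$OUTSIDE_INTERFACE" -p tcp ! -y \
        -s "$NAMESERVER_1" 53 \
        -d "$IP_ADD" "$UNPRIVPORTS" -j ACCEPT
}

dns_client_rules
```

Both input rules accept traffic only from the one nameserver address and only from source port 53, so they open far less than a blanket "accept UDP 53" rule would.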