[techtalk] Default Deny

Jamie Walker jj.walker at auckland.ac.nz
Fri Jan 28 08:32:07 EST 2000


Subba Rao wrote:

> I cannot go out to the Web nor resolve any DNS names. Mail will not go out.
> My system does have a small DNS which forwards requests to my ISP's nameserver.
> Nothing really works.

[snip]

>         ipchains -A input -i ppp0 -p UDP -s I.S.P.NS -d $LOCALIP 53 -j ACCEPT
>         ipchains -A input -i ppp0 -p UDP -s I.S.P.NS1 -d $LOCALIP 53 -j ACCEPT

These two rules are both assuming that DNS requests are going out with a
source port of 53. Quite often nowadays DNS uses non-privileged source
ports (i.e., not < 1024) so this might be what's breaking DNS. If DNS is
broken, that probably doesn't help web or mail traffic. :-/

--
Work: jj.walker at auckland.ac.nz	Home: jamiew at clear.net.nz
 ICQ: 5632563			or shout loudly

************
techtalk at linuxchix.org   http://www.linuxchix.org
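
Added example, not part of the original post: a small first-match model of a default-deny input chain, evaluating the quoted rule against two constructed DNS replies to show the mismatch described in the reply above. The addresses, the local port 33012, the `Packet`/`Rule` names and the alternative `reply_rule` are assumptions made for illustration.

```python
from dataclasses import dataclass

LOCALIP = "192.0.2.10"     # constructed stand-in for $LOCALIP
ISP_NS = "198.51.100.53"   # constructed stand-in for I.S.P.NS
ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    proto: str
    src: str
    dst: str
    sports: range = ANY_PORT
    dports: range = ANY_PORT
    target: str = "ACCEPT"

    def matches(self, p):
        return (p.proto == self.proto and p.src == self.src and p.dst == self.dst
                and p.sport in self.sports and p.dport in self.dports)

def verdict(chain, packet, policy="DENY"):
    """First matching rule decides; otherwise the chain policy (default deny)."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

# The quoted rule: UDP from the ISP nameserver, destination port must be 53.
quoted = [Rule("udp", ISP_NS, LOCALIP, dports=range(53, 54))]
# Hypothetical alternative: reply comes from port 53 to an unprivileged local port.
reply_rule = [Rule("udp", ISP_NS, LOCALIP, sports=range(53, 54), dports=range(1024, 65536))]

# Constructed replies: one to a query sent from port 53, one to a query from port 33012.
reply_to_53 = Packet("udp", ISP_NS, 53, LOCALIP, 53)
reply_to_high = Packet("udp", ISP_NS, 53, LOCALIP, 33012)

if __name__ == "__main__":
    for name, chain in (("quoted", quoted), ("reply_rule", reply_rule)):
        for label, pkt in (("dport 53", reply_to_53), ("dport 33012", reply_to_high)):
            print(f"{name:10s} reply to {label:11s} -> {verdict(chain, pkt)}")
```
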



