Re: DNS on firewall computer with problems

From: Christian Wiese (Christian.Wiese@web.de)
Date: 06/07/02


From: Christian.Wiese@web.de (Christian Wiese)
Date: 6 Jun 2002 23:20:00 -0700

RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message news:<LPZXMJZF7OGW1112WK2BPDGYnHiATlE@blackhole.mit.edu>...

> You need UDP and TCP both.
>
> <quoting>
> http://rtfm.mit.edu/pub/usenet/news.answers/internet/tcp-ip/domains-faq
> Prot  Src    Dst    Use
> udp   53     53     Queries between servers (eg, recursive queries)
>                     Replies to above
> tcp   53     53     Queries with long replies between servers, zone
>                     transfers
>                     Replies to above
> udp   >1023  53     Client queries (sendmail, nslookup, etc ...)
> udp   53     >1023  Replies to above
> tcp   >1023  53     Client queries with long replies
> tcp   53     >1023  Replies to above
> Note: >1023 is for non-priv ports on Un*x clients. On other client
> types, the limit may be more or less...

The problem is fixed. Perhaps one of your pieces of information was the
reason.

My way of finding the wrong lines in the firewall script was:
Create a new little firewall script. Close everything inside it, open
only SSH and existing connections.
Log everything.

And firewall and DNS work - fine!

Then I added my old firewall rules step by step to the new script and
tested after every insert. During this work I found some drop lines
which were the reason for the problem.

Now is all fine.

But ATTENTION - ethereal sniffs all packets directly on the eth*.
ethereal sniffs all incoming and outgoing packets. And the firewall
log file also logs the queries and the responses of the company DNS. I
think all DNS packets pass the firewall. But the firewall doesn't
work. Perhaps the reason is in your info.
I haven't sufficient time to find out which particular firewall rule
was the reason. Let it be ....

Thank you all for your help and for spending some time helping
me.

Christian Wiese
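The debugging approach in the post (default DROP, open only SSH and established connections, log the rest, then add the old rules back one at a time) and the port table quoted from the FAQ, written out as an iptables script. This is an added example, not code from the original post or from the FAQ; it assumes a 2.4+ kernel with iptables/netfilter, an external interface eth0, a company DNS server at 192.0.2.53 (a documentation address), and the function names and log prefixes are made up here.

```shell
#!/bin/sh
# Added example (not from the original post): minimal iptables script in the
# spirit of the debugging approach above. Assumptions: iptables on a 2.4+
# kernel, external interface eth0, company DNS at 192.0.2.53 (TEST-NET).
# Setting IPT=echo prints the rules instead of loading them (dry run).
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"
DNS_SERVER="${DNS_SERVER:-192.0.2.53}"

base_policy() {
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -F
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # "existing connections": replies to anything already allowed out,
    # plus related traffic such as ICMP errors
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # only SSH is opened inbound
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# Client-side DNS from this box (the ">1023 -> 53" rows of the table):
# UDP for ordinary queries, TCP for long replies (truncated UDP answer)
# and zone transfers. The reply "53 -> >1023" comes back through the
# ESTABLISHED rule in base_policy, so it needs no rule of its own.
dns_client_rules() {
    for proto in udp tcp; do
        $IPT -A OUTPUT -o "$WAN_IF" -p "$proto" -d "$DNS_SERVER" \
            --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT
    done
}

# Only needed if this box runs its own name server: server-to-server
# queries and zone transfers use source port 53 too ("53 -> 53" rows).
dns_server_rules() {
    for proto in udp tcp; do
        $IPT -A OUTPUT -o "$WAN_IF" -p "$proto" --sport 53 --dport 53 \
            -m state --state NEW -j ACCEPT
        $IPT -A INPUT  -i "$WAN_IF" -p "$proto" --sport 53 --dport 53 \
            -m state --state NEW -j ACCEPT
    done
}

# Log whatever is about to hit the DROP policy, with a greppable prefix.
# These rules must stay last; old rules being added back go before them.
log_rest() {
    $IPT -A INPUT  -j LOG --log-prefix "FW-IN-DROP: "
    $IPT -A OUTPUT -j LOG --log-prefix "FW-OUT-DROP: "
}

# Dry-run helper: number of -A rules a function would load, without
# touching the kernel (runs it in a subshell with IPT=echo).
count_rules() {
    ( IPT=echo; "$1" ) | grep -c -- '-A '
}

case "${1:-}" in
    apply)  base_policy; dns_client_rules; log_rest ;;
    dryrun) IPT=echo; base_policy; dns_client_rules; log_rest ;;
esac
```

Run as `sh fw.sh dryrun` to see the rules, `sh fw.sh apply` as root to load them. One point worth keeping in mind when comparing a sniffer with the firewall log: a packet capture on eth0 sees an inbound packet before the INPUT chain has decided anything, so seeing the DNS reply on the wire does not show whether it reached the resolver; the prefixed LOG rules at the end of each chain record what the policy actually dropped, and inserting the old rules above them one at a time shows which rule is responsible.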


