Re: DNS on the Linux iptables box
From: Andres Bohren (info_at_icewolf.ch)
Date: 04/28/03
- Next message: Jem Berkes: "Re: Recent ptrace exploit effected by chroot?"
- Previous message: Tobias Klausmann: "Re: Hacked - again"
- In reply to: Jason: "DNS on the Linux iptables box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Apr 2003 15:24:12 +0200
> I want my linux box to be the iptables box and the DNS at the same time.
> In a dmz network environment, do I need to forward the dns packet to the
> linux box itself? or the INPUT / OUTPUT chain will receive and send out?
> Any help will be appreciated.
# For external DNS requests to the DNS daemon on this box (INPUT/OUTPUT, not FORWARD).
# Note "-p udp" is given before "--dport"/"--sport": iptables loads the port match
# from the protocol, and the reverse order fails with 'unknown option "--dport"'.
iptables -A INPUT -d $EXT_IP -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -s $EXT_IP -p udp --sport 53 -j ACCEPT
# For external zone transfers (TCP) to your secondary DNS server.
# Variable renamed from $2DNS_IP: in the shell "$2DNS_IP" expands to positional
# parameter $2 followed by the literal text "DNS_IP".
iptables -A INPUT -s $SEC_DNS_IP -d $EXT_IP -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -s $EXT_IP -d $SEC_DNS_IP -p tcp --sport 53 -j ACCEPT
# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Forward DNS requests from your DMZ to the external DNS server, and its replies back
# (the reply comes from source port 53, so the second rule matches --sport, not --dport)
iptables -A FORWARD -s $DMZ_NET -d $EXT_DNS_IP -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s $EXT_DNS_IP -d $DMZ_NET -p udp --sport 53 -j ACCEPT
Kind regards,
Andres Bohren
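The rule set in the reply above, as a self-contained script with a dry-run mode. This is an added example, not Andres Bohren's code from the post: the interface names, the addresses (RFC 5737 documentation ranges) and the variable names are assumptions chosen for this example. It keeps the split the reply describes: queries answered by the DNS daemon on the firewall itself traverse INPUT and OUTPUT, while DMZ hosts talking to an external resolver traverse FORWARD.

```shell
#!/bin/sh
# Added example, not code from the original post. Interface names, addresses
# and variable names are assumptions chosen for this example.
# Usage:  sh dns-rules.sh show    (print the rules, no root needed)
#         sh dns-rules.sh apply   (load the rules and enable forwarding, as root)

IPT="${IPT:-iptables}"      # set IPT=echo to print the rules instead of loading them

EXT_IF="eth0"               # assumed external interface
DMZ_IF="eth1"               # assumed DMZ interface
EXT_IP="198.51.100.10"      # assumed public address of this box (RFC 5737 range)
DMZ_NET="192.0.2.0/24"      # assumed DMZ network (RFC 5737 range)
SEC_DNS_IP="203.0.113.53"   # assumed secondary DNS that pulls zone transfers
EXT_DNS_IP="203.0.113.1"    # assumed external resolver used by DMZ hosts

dns_rules() {
    # Queries to the DNS daemon on the firewall itself terminate on the box,
    # so they traverse INPUT (and the answers OUTPUT); FORWARD never sees them.
    # "-p udp" comes before "--dport": iptables loads the port match from the
    # protocol, and the reverse order fails with 'unknown option "--dport"'.
    $IPT -A INPUT  -i "$EXT_IF" -p udp -d "$EXT_IP" --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$EXT_IF" -p udp -s "$EXT_IP" --sport 53 -j ACCEPT

    # Zone transfers (AXFR) run over TCP 53; allow them only from the secondary.
    $IPT -A INPUT  -i "$EXT_IF" -p tcp -s "$SEC_DNS_IP" -d "$EXT_IP" --dport 53 -j ACCEPT
    $IPT -A OUTPUT -o "$EXT_IF" -p tcp -s "$EXT_IP" -d "$SEC_DNS_IP" --sport 53 -j ACCEPT

    # DMZ hosts querying an external resolver are routed through the box, so
    # those packets traverse FORWARD in both directions. The reply rule matches
    # the source port, because the resolver answers from port 53.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" -p udp -s "$DMZ_NET" -d "$EXT_DNS_IP" --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -p udp -s "$EXT_DNS_IP" -d "$DMZ_NET" --sport 53 -j ACCEPT
}

case "${1:-}" in
    show)
        IPT=echo
        dns_rules
        ;;
    apply)
        # FORWARD rules match nothing unless the kernel routes between interfaces.
        echo 1 > /proc/sys/net/ipv4/ip_forward
        dns_rules
        ;;
esac
```

Two caveats for anyone reusing this. The reply rules match on "--sport 53" alone, so any packet with source port 53 from the named address is accepted; on a kernel with connection tracking, replacing those rules with "-m state --state ESTABLISHED" only accepts replies to queries the box actually saw. And if the DMZ hosts are meant to use the firewall's own DNS daemon rather than an external resolver, their queries arrive on the DMZ interface and terminate on the box, so they need INPUT/OUTPUT rules on $DMZ_IF, not the FORWARD rules.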