nihilo (Apprentice)
Joined: 05 Nov 2002, Posts: 168, Location: berkeley, ca, usa
Posted: Sun Dec 29, 2002 5:02 am. Post subject: dns & firewall configuration question
I've checked Google and the forums for firewall configuration to allow DNS, but I cannot seem to get my firewall (iptables) configured properly so that the DNS queries can get out and in. I have tried opening ports 53, 67, and 68, but DNS still sometimes does not work. Stopping the firewall immediately fixes the problem. I have a cable modem (AT&T Broadband). Any other AT&T Broadband customers who could tell me how they have their firewall configured to use AT&T's DNS servers (which ports, protocols, etc.)?
Thanks...
delta407 (Bodhisattva)
Joined: 23 Apr 2002, Posts: 2876, Location: Chicago, IL
Posted: Sun Dec 29, 2002 5:34 am
Make sure port 53, UDP, can get in and out. Are you simply firewalling or doing some NAT as well?
_________________
I don't believe in witty sigs.
Xor (Tux's lil' helper)
Joined: 07 Jul 2002, Posts: 144
Posted: Sun Dec 29, 2002 3:37 pm
My advice: these apply to TCP and UDP and are meant to be used in a stateful firewall.
Outbound: from high ports and the DNS port to the DNS port.
Inbound: to the DNS port from high ports and the DNS port.
Regards,
xor
TrippyZ (n00b)
Joined: 04 Dec 2002, Posts: 38
Posted: Sun Dec 29, 2002 8:16 pm
Please post a copy of your setup script, or the output of iptables-save.
In the meantime, you only need to let the query out with a '-p udp --dport 53', as you usually let the replies re-enter through an 'ESTABLISHED,RELATED -j ALLOW'.
I always like to have a sniff with tcpdump anyhow, just to find out a bit more of what's going on.
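The stateful rule set TrippyZ describes, written out as an added example rather than code posted by anyone in this thread: new queries leave on UDP and TCP port 53 only, and the answers come back because conntrack marks them ESTABLISHED,RELATED (in iptables the accepting target is spelled ACCEPT). Everything here beyond those two rules is an assumption for illustration: the `IPT` and `DRY_RUN` variables, the `dns_rules` function name, and the resolver address 192.0.2.53, which is a constructed TEST-NET placeholder standing in for the ISP's real resolver. The script prints the rules by default and only applies them when run as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example, not from the thread: stateful iptables rules for a host's own
# DNS lookups. Resolver addresses come from the arguments (192.0.2.53 in the
# usage line is a constructed TEST-NET placeholder); IPT and DRY_RUN are
# assumed variable names, not anything the posters used.

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the rules, 0 = apply them (needs root)

# Print or execute one iptables invocation, depending on DRY_RUN.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$IPT $*"
  else
    "$IPT" "$@"
  fi
}

# dns_rules RESOLVER_IP [RESOLVER_IP ...]
# Emits a deny-by-default filter that permits only DNS traffic this host
# initiates and the replies conntrack associates with those queries.
dns_rules() {
  run -F
  run -P INPUT DROP
  run -P FORWARD DROP
  run -P OUTPUT DROP
  run -A INPUT -i lo -j ACCEPT
  run -A OUTPUT -o lo -j ACCEPT

  # Answers to queries we sent: conntrack tracks UDP exchanges as well as TCP,
  # so one ESTABLISHED,RELATED rule per chain covers replies on both protocols.
  run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # New queries out, to the named resolvers only. UDP carries ordinary lookups;
  # TCP is used when a truncated (TC) answer forces the resolver to retry.
  for resolver in "$@"; do
    run -A OUTPUT -p udp -d "$resolver" --dport 53 -m state --state NEW -j ACCEPT
    run -A OUTPUT -p tcp -d "$resolver" --dport 53 -m state --state NEW -j ACCEPT
  done

  # Anything else that is not part of a tracked exchange is logged, then dropped,
  # so a lookup that still fails shows up in the kernel log with its destination.
  run -A INPUT -m state --state NEW -j LOG --log-prefix "fw-drop-in: "
  run -A OUTPUT -m state --state NEW -j LOG --log-prefix "fw-drop-out: "
  run -A INPUT -j DROP
  run -A OUTPUT -j DROP
}

# Usage: DRY_RUN=1 sh dns-rules.sh 192.0.2.53
if [ $# -gt 0 ]; then
  dns_rules "$@"
fi
```

After applying, confirm the rules are actually loaded with `iptables-save | grep 'dport 53'` (the check that would have caught the unused script in the last post), and watch the exchange with `tcpdump -ni eth0 udp port 53` as TrippyZ suggests, substituting your own interface for the assumed `eth0`. On newer systems `-m conntrack --ctstate` is the equivalent of the `-m state --state` match used here.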
nihilo (Apprentice)
Joined: 05 Nov 2002, Posts: 168, Location: berkeley, ca, usa
Posted: Mon Dec 30, 2002 10:36 pm. Post subject: thanks, success
Thanks for the help. I am using KMyFirewall, and it seems that the new script (with DNS ports open) wasn't being used after all. Now that I have made sure that outbound on 53 is allowed, it seems to be working.
Thanks again.