Re: [leaf-user] dnscache vs. dmz ???

Michael D. Schleif Thu, 10 Oct 2002 20:45:52 -0700


Matthew Schalit wrote:


<snip />

> Please tell me you've added ipchains -l logging to every packet
>          1)  inbound on dmz nic
>          2)  outbound from dmz nic
>          3)  inbound on internal nic
>          4)  outbound on internal nic
>          5)  forwarded by any forward rule
> 
> and repost the trail of a dns request from the dmz, judiciously snipping
> and trimming if you please.

NOTE: I haven't yet figured out how to get the forward/MASQ chain to log
properly.

Here is the log for czar (64.4.197.69) doing this:

        ping cdw.com

As you know, from previous posts, tinydns-public is on 64.4.197.65 . . .

Oct 10 22:59:46 bluetrout kernel: Packet log: input - eth1 PROTO=17
64.4.197.69:32779 64.4.197.65:53 L=53 S=0x00 I=65163 F=0x4000 T=64 (#6)
Oct 10 22:59:51 bluetrout kernel: Packet log: input - eth1 PROTO=17
64.4.197.69:32780 64.4.222.157:53 L=53 S=0x00 I=128 F=0x4000 T=64 (#6)
Oct 10 22:59:52 bluetrout kernel: Packet log: output - eth1 PROTO=17
64.4.197.65:53 64.4.197.69:32780 L=85 S=0x00 I=30547 F=0x0000 T=64 (#5)
Oct 10 22:59:52 bluetrout kernel: Packet log: input - eth1 PROTO=1
64.4.197.69:3 64.4.197.65:3 L=113 S=0xC0 I=26128 F=0x0000 T=255 (#6)
Oct 10 22:59:56 bluetrout kernel: Packet log: input - eth1 PROTO=17
64.4.197.69:32779 64.4.197.65:53 L=53 S=0x00 I=65164 F=0x4000 T=64 (#6)
Oct 10 23:00:01 bluetrout kernel: Packet log: input - eth1 PROTO=17
64.4.197.69:32780 64.4.222.157:53 L=53 S=0x00 I=129 F=0x4000 T=64 (#6)
Oct 10 23:00:01 bluetrout kernel: Packet log: output - eth1 PROTO=17
64.4.197.65:53 64.4.197.69:32780 L=85 S=0x00 I=30569 F=0x0000 T=64 (#5)
Oct 10 23:00:01 bluetrout kernel: Packet log: input - eth1 PROTO=1
64.4.197.69:3 64.4.197.65:3 L=113 S=0xC0 I=26129 F=0x0000 T=255 (#6)
Oct 10 23:00:07 bluetrout kernel: Packet log: input - eth1 PROTO=17
64.4.197.69:32780 64.4.197.65:53 L=70 S=0x00 I=1631 F=0x4000 T=64 (#6)
Oct 10 23:00:07 bluetrout kernel: Packet log: output - eth1 PROTO=17
64.4.197.65:53 64.4.197.69:32780 L=122 S=0x00 I=30587 F=0x0000 T=64 (#5)

This is based on this link, posted prior to this Email timestamp:

        <http://www.helices.org/tmP/ipchains.bluetrout.txt>

What do you think?

-- 

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] dnscache vs. dmz ???

Reply via email to