On Fri, Feb 22, 2002 at 12:43:18PM +0100, [EMAIL PROTECTED] wrote:
> 
> The iptables gateway allows only DNS (UDP) traffic to be DNATed through
> to the DNS server. Not SSH, which is used only internally, and no other
> UDP 53 packets.
> 
> However, the forward chain logs many, many packets which come from my
> DNS server port 22 to a public external IP.
> Since I've not allowed such a connection in my forward chain nor in the
> DNAT table, I don't understand how such a behaviour could happen.

In addition to checking the version of DNS installed on the machine, I
would also upgrade to the latest version of SSH as there are some well
known vulnerabilities in older ones.  That holds true for all software.

Have you checked access to your DNS server?  I would do an nmap of it
from inside and outside to see what ports are open.

Glad to see that you're denying all outbound traffic except for DNS
traffic; most people just say "everything outbound is okay".

Chris
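The original poster's observation (port-22 traffic from the DNS server showing up in the FORWARD chain log although only UDP 53 is permitted) can be checked mechanically against the policy. The script below is an added example, not code from anyone on this thread: it takes a constructed sample of iptables LOG-target lines, parses the SRC/PROTO/DPT fields, and prints every forwarded packet from the DNS server that is not a UDP query to port 53. The DNS server address 192.168.1.53, the log prefix FWD-DROP and all other addresses are assumptions made up for the sample.

```shell
#!/bin/sh
# Constructed sample of iptables FORWARD-chain LOG lines in the format the
# LOG target writes to syslog. Addresses, prefix and timestamps are made up.
SAMPLE_LOG='Feb 22 12:40:01 gw kernel: FWD-DROP IN=eth1 OUT=eth0 SRC=192.168.1.53 DST=203.0.113.7 PROTO=UDP SPT=1025 DPT=53
Feb 22 12:40:02 gw kernel: FWD-DROP IN=eth1 OUT=eth0 SRC=192.168.1.53 DST=198.51.100.9 PROTO=TCP SPT=22 DPT=41234
Feb 22 12:40:03 gw kernel: FWD-DROP IN=eth1 OUT=eth0 SRC=192.168.1.53 DST=198.51.100.9 PROTO=TCP SPT=22 DPT=41235
Feb 22 12:40:04 gw kernel: FWD-DROP IN=eth1 OUT=eth0 SRC=192.168.1.53 DST=203.0.113.7 PROTO=UDP SPT=1026 DPT=53'

# Assumed address of the internal DNS server behind the gateway.
DNS_SERVER=192.168.1.53

# Print every logged FORWARD packet whose source is the DNS server and which
# is NOT a UDP packet to port 53, i.e. traffic the stated policy never allows.
# Each KEY=VALUE token on the line is split and the three fields of interest
# are collected before the policy test is applied.
flag_unexpected() {
    printf '%s\n' "$SAMPLE_LOG" | awk -v dns="$DNS_SERVER" '
    {
        src = ""; proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue
            if (kv[1] == "SRC")   src   = kv[2]
            if (kv[1] == "PROTO") proto = kv[2]
            if (kv[1] == "DPT")   dpt   = kv[2]
        }
        if (src == dns && !(proto == "UDP" && dpt == "53")) print
    }'
}

# Number of policy-violating packets in the sample (used as a quick summary).
count_unexpected() {
    flag_unexpected | wc -l | tr -d ' '
}

# Usage: list the unexpected packets, then report how many there were.
flag_unexpected
echo "unexpected packets from $DNS_SERVER: $(count_unexpected)"
```

To run it against a real log, replace the `printf` of SAMPLE_LOG with `grep 'FWD-DROP' /var/log/messages` (or whatever prefix your LOG rule uses). Packets that match here with SPT=22 are exactly the ones the poster describes; the next question is why the DNS host is making those connections at all, which is what the nmap check from inside and outside, and a review of the SSH and DNS software versions, are meant to answer.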
