> iptables -A INPUT -i lo -p all -j ACCEPT
> iptables -A OUTPUT -o lo -p all -j ACCEPT
> iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset

> iptables -A INPUT -p tcp -i eth0 --dport 23 -j ACCEPT
> iptables -A INPUT -p udp -i eth0 --dport 23 -j ACCEPT
> iptables -A INPUT -p tcp -i eth1 --dport 23 -j ACCEPT
> iptables -A INPUT -p udp -i eth1 --dport 23 -j ACCEPT

First problem here: SSH uses port 22 and TCP only, so adjust the rule.


> iptables -A INPUT -p tcp -i eth1 --dport 53 -j ACCEPT
> iptables -A INPUT -p udp -i eth1 --dport 53 -j ACCEPT

This sounds fine for accepting DNS requests from inside.
Try to create a zone on which your DNS server is master to
see if inside requests are OK.

If it works, this comes from outside requests your dns server has
to make. I think packets coming back in response are dropped, but
it is strange since they should be classified as ESTABLISHED...

Hope this helps

--
Maxime
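Added example, not code from the thread: a dry-runnable POSIX shell script that encodes the corrections discussed above (SSH on TCP/22 only, DNS on both TCP and UDP 53 from the inside interface, and a single stateful ESTABLISHED,RELATED rule so that replies to the server's own outbound lookups are accepted). The interface name eth1, the IPT and APPLY_RULES variables and the helper names are assumptions; run it with IPT=echo to preview the rules without touching the firewall.

```shell
#!/bin/sh
# Added example (not from the original thread): stateful iptables ruleset for a
# host that serves DNS on its internal interface and is managed over SSH.
# Assumptions: internal interface is eth1 (INT_IF), rules are applied with the
# command in IPT (set IPT=echo to dry-run), and nothing is applied unless
# APPLY_RULES=1 so the script is safe to source or read.

IPT="${IPT:-iptables}"
INT_IF="${INT_IF:-eth1}"

# Print the ruleset, one iptables argument list per line.
dns_ruleset() {
    cat <<EOF
-P INPUT DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport 53 -j ACCEPT
-A INPUT -i $INT_IF -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
EOF
}
# Notes on the rules above:
#  - SSH is TCP only, so there is no udp/22 rule (the quoted rules used port 23).
#  - DNS needs both udp/53 and tcp/53 (zone transfers and large answers use TCP).
#  - The ESTABLISHED,RELATED rule is not tied to one interface: the resolver's
#    own queries leave under OUTPUT ACCEPT and conntrack tracks UDP as well as
#    TCP, so the answers come back as ESTABLISHED on whichever interface.
#  - The last rule drops TCP packets that claim a new connection without SYN.

# Feed each line of the ruleset to $IPT; stop at the first failure.
apply_rules() {
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        # shellcheck disable=SC2086  (intentional word splitting of the rule)
        $IPT $rule || return 1
    done <<EOF
$(dns_ruleset)
EOF
}

if [ "${APPLY_RULES:-0}" = "1" ]; then
    apply_rules
fi
```

Preview with `IPT=echo APPLY_RULES=1 sh rules.sh`; apply for real as root with `APPLY_RULES=1 sh rules.sh`. Because INPUT defaults to DROP, anything not listed (including the original telnet port 23) is silently discarded.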
