Hi,
 
   I have a question about "ipchains" and "nslookup for qmail".  Currently, I am using a DENY EVERYTHING by DEFAULT ipchains firewall.  Once the firewall is started, I am not able to do an "nslookup" on my machine.  So, what port do I have to open in order to perform an "nslookup"?  Also, qmail won't be able to resolve a remote site name if nslookup is not allowed.  Is this correct?
 
Below is my firewall script for DNS.  Once I use the firewall script below, I am not able to do an "nslookup".  Please tell me what port I have to open for nslookup.

# Local client to server DNS transaction
 
ipchains -A output -i $external_interface -p udp \
         -s $ipaddr $unprivports \
         -d $anywhere 53 -j ACCEPT
 
ipchains -A input -i $external_interface -p udp \
         -s $anywhere 53 \
         -d $ipaddr $unprivports -j ACCEPT
 
ipchains -A output -i $external_interface -p tcp \
         -s $ipaddr $unprivports \
         -d $anywhere 53 -j ACCEPT
 
ipchains -A input -i $external_interface -p tcp ! -y \
         -s $anywhere 53 \
         -d $ipaddr $unprivports -j ACCEPT
 
ipchains -A output -i $external_interface -p udp \
         -s $ipaddr 53 \
         -d $anywhere 53 -j ACCEPT
 
ipchains -A input -i $external_interface -p udp \
         -s $anywhere 53 \
         -d $ipaddr 53 -j ACCEPT
 
# ---------------------------------------------------------------
 
# Remote Client Lookup
 
ipchains -A input -i $external_interface -p udp \
         -s $anywhere $unprivports \
         -d $ipaddr 53 -j ACCEPT
 
ipchains -A output -i $external_interface -p udp \
         -s $ipaddr 53 \
         -d $anywhere $unprivports -j ACCEPT
 
ipchains -A input -i $external_interface -p tcp \
         -s $anywhere $unprivports \
         -d $ipaddr 53 -j ACCEPT
 
ipchains -A output -i $external_interface -p tcp ! -y \
         -s $ipaddr 53 \
         -d $anywhere $unprivports -j ACCEPT
 
 
 
# Server to server DNS transaction
 
ipchains -A input -i $external_interface -p udp \
         -s $anywhere 53 \
         -d $ipaddr 53 -j ACCEPT
 
ipchains -A output -i $external_interface -p udp \
         -s $ipaddr 53  \
         -d $anywhere 53 -j ACCEPT
 
# Resolv.conf lookup
 
ipchains -A output -i $external_interface -p udp \
         -s $ipaddr $unprivports \
         -d $anywhere 53 -j ACCEPT
 
ipchains -A input -i $external_interface -p udp \
         -s $anywhere 53 \
         -d $ipaddr $unprivports -j ACCEPT
 
ipchains -A output -i $external_interface -p tcp \
         -s $ipaddr $unprivports \
         -d $anywhere 53 -j ACCEPT
 
ipchains -A input -i $external_interface -p tcp ! -y \
         -s $anywhere 53 \
         -d $ipaddr $unprivports -j ACCEPT
 
Thank you so much,
 
Mark
 
