Rick Carroll said:
> Nate, Thanks for the reply,
> My firewall is set up to allow UDP DNS on all ports incoming, and UDP DNS
> outgoing on port 1024 and up... I don't claim to know what that's all
> about...
> I inherited this thing...
>
> The stuff that's getting blocked is outgoing on ports below 1024...
>
> Any advice?
This is what I have for my firewall:

    allow udp from any to 216.39.174.25/32 53   # nameserver 1
    allow udp from 216.39.174.25/32 53 to any   # nameserver 1
    allow udp from any to 216.39.174.24/32 53   # nameserver 2
    allow udp from 216.39.174.24/32 53 to any   # nameserver 2

(At the end I have a rule that blocks all traffic.)

This means that servers other than the above cannot query outside nameservers (the request can be sent out, but the reply is blocked), which means that any other servers on my network must use one of those 2 nameservers to resolve addresses.

You could have a nameserver that is hard coded to use udp/53 for requests; I hard code mine for this, which makes it more firewall-friendly. That is, all requests from my nameserver(s) come from UDP/53, not a random port above 1024.

Either that, or you could have a rogue client or 2 that is trying to query a remote server directly, which in a strict firewall environment, which you seem to have, is generally not a good thing (since it won't work). Find the machine on your network which is generating the traffic and re-configure it. Or if you don't care, then add a firewall rule which blocks DNS traffic from those hosts and does NOT log it. I have a buncha firewall rules which block and do not log, since they block so much it would take too much disk space to log it all :)

nate

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
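To see what Nate's four rules plus his final block rule actually permit, here is a small first-match evaluator written for this thread (added example, not code from the post or from ipfw itself). It models the rules exactly as printed; the client and outside-nameserver addresses (192.0.2.10, 198.51.100.53) are constructed test values, and the rules' ipfw syntax is only parsed as far as these five lines need.

```python
import ipaddress

# Nate's four rules as printed in the post, plus his catch-all block at the end.
RULES = [
    "allow udp from any to 216.39.174.25/32 53",
    "allow udp from 216.39.174.25/32 53 to any",
    "allow udp from any to 216.39.174.24/32 53",
    "allow udp from 216.39.174.24/32 53 to any",
    "deny ip from any to any",
]

def parse_rule(text):
    """Parse 'action proto from src [port] to dst [port]' into a dict."""
    tok = text.split()
    action, proto, src, sport, i = tok[0], tok[1], tok[3], None, 4
    if tok[i] != "to":            # optional source port before 'to'
        sport, i = int(tok[i]), i + 1
    dst = tok[i + 1]
    dport = int(tok[i + 2]) if len(tok) > i + 2 else None
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def _match_addr(pattern, addr):
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def _match_port(pattern, port):
    return pattern is None or pattern == port

def evaluate(rules, proto, src, sport, dst, dport):
    """First matching rule wins, as in ipfw; unmatched traffic is denied."""
    for r in map(parse_rule, rules):
        if (r["proto"] in ("ip", proto) and _match_addr(r["src"], src)
                and _match_port(r["sport"], sport)
                and _match_addr(r["dst"], dst) and _match_port(r["dport"], dport)):
            return r["action"]
    return "deny"

def dns_exchange(rules, client, client_port, nameserver):
    """Return (query_allowed, reply_allowed) for one UDP DNS round trip."""
    query = evaluate(rules, "udp", client, client_port, nameserver, 53)
    reply = evaluate(rules, "udp", nameserver, 53, client, client_port)
    return query == "allow", reply == "allow"

if __name__ == "__main__":
    # Internal client using a listed nameserver: both directions pass.
    print(dns_exchange(RULES, "192.0.2.10", 40123, "216.39.174.25"))   # (True, True)
    # Same client going straight to an outside nameserver: blocked.
    print(dns_exchange(RULES, "192.0.2.10", 40123, "198.51.100.53"))   # (False, False)
    # Listed nameserver recursing from source port 53, as Nate hard-codes it.
    print(dns_exchange(RULES, "216.39.174.25", 53, "198.51.100.53"))   # (True, True)
    # The same nameserver sending from a random high port: no rule fits.
    print(dns_exchange(RULES, "216.39.174.25", 40000, "198.51.100.53"))  # (False, False)
```

The last two cases show why the listed nameservers only get through when they send from UDP/53. Bear in mind that pinning a resolver's query source port to 53 removes source-port randomisation, which current resolvers rely on to make cache poisoning harder, so allowing replies by nameserver address (as the first and third rules already do for clients) is the safer pattern where the firewall supports it.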