I'm still having difficulty with nslookup from another machine and domain transfer even though I've opened up ports UDP 53 and TCP 53. If I turn off ipchains completely, then all works ok. Anybody know what other ports / protocols should I be looking at?
I'm new to ipchains. I've just enabled the medium security option using lokkit, and added input port 53 as mentioned above. Any advice would be welcome - I'd like to avoid turning off the firewall completely!

thanks
/j-p.

On Fri, 27 Sep 2002, Mike Burger wrote:

> The outgoing port is always going to be something higher...the destination
> port is 53.
>
> On Fri, 27 Sep 2002, john-paul delaney wrote:
>
> > Thanks Mike... I've turned on 53/tcp (as well as 53/udp) as you suggest and will force a reload to test. I still have a problem with lookups from the internet, as in the following tcpdump extract:
> >
> > - > justatest.com.domain: 12+ A? linuxdoc.org. (30)
> > 05:53:27.724911 justatest.com > ppp-233-153.24-151.libero.it: icmp: justatest.com udp port domain unreachable [tos 0xc0]
> >
> > At times tcpdump gives the port number (usually a 3xxx number). However it changes each time the named process is restarted.
> >
> > Again, if I open up the firewall everything is ok. I added to the input chain to allow all icmp packets through but it didn't help any.
> >
> > Any further guidance is greatly appreciated,
> > /j-p.
> >
> > > For zone transfers, you need to open up port 53/tcp in your firewall.
> > > 53/udp is strictly for lookups.
> > >
> > > > After upgrading from rh7.0 to 7.3, I've found that Bind doesn't work for zone updates (I'm using a hidden primary nameserver which refreshes secondary.com nameservers) nor the dig command from the internet even though I had allowed incoming traffic to port 53 (I'm new to ipchains too). All outbound traffic is accepted.
> > > >
> > > > Running tcpdump, I kept getting an error "UDP port domain unreachable". It was only when I completely turned off ipchains (eek!) that everything cleared up and Bind worked again.