[gentoo-user] OT -More DNS problems - firewall?
I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?

-- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] OT -More DNS problems - firewall?
On 12/19/05, Michael Sullivan [EMAIL PROTECTED] wrote:
> I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?

Is it possible that your ISP is blocking it?

-Richard
Re: [gentoo-user] OT -More DNS problems - firewall?
On Mon, 2005-12-19 at 14:53 -0700, Richard Fish wrote:
> On 12/19/05, Michael Sullivan [EMAIL PROTECTED] wrote:
>> I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?
>
> Is it possible that your ISP is blocking it?
>
> -Richard

When I signed up for this internet service they PROMISED me that the only ports they block are three ports (I don't remember the exact ports, but they were between 100 and 150) that were only used by Microsoft servers. I would call them and ask them about it, but I've had about all the BS I can stand for today..
Re: [gentoo-user] OT -More DNS problems - firewall?
Michael Sullivan wrote:
> I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?

Whatever you did in the last 5 minutes seems to have fixed it, as an nmap against your box showed no DNS ports open originally and now it does.

[EMAIL PROTECTED] ~ $ dig @espersunited.com www.espersunited.com
;; QUESTION SECTION:
;www.espersunited.com. IN A
;; ANSWER SECTION:
www.espersunited.com. 10800 IN CNAME bullet.espersunited.com.
bullet.espersunited.com. 10800 IN A 192.168.1.2

kashani
Re: [gentoo-user] OT -More DNS problems - firewall?
On Dec 19, 2005, at 4:31 PM, kashani wrote:
> Michael Sullivan wrote:
>> I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?

if you are going to open up ports on your router, I would STRONGLY suggest you go ahead and set up some iptables rules on your server. Just 16+ years of sysadmin paranoia talking

> Whatever you did in the last 5 minutes seems to have fixed it, as an nmap against your box showed no DNS ports open originally and now it does.
>
> [EMAIL PROTECTED] ~ $ dig @espersunited.com www.espersunited.com
> ;; QUESTION SECTION:
> ;www.espersunited.com. IN A
> ;; ANSWER SECTION:
> www.espersunited.com. 10800 IN CNAME bullet.espersunited.com.
> bullet.espersunited.com. 10800 IN A 192.168.1.2
>
> kashani
Re: [gentoo-user] OT -More DNS problems - firewall?
On Mon, 2005-12-19 at 14:31 -0800, kashani wrote:
> Michael Sullivan wrote:
>> I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?
>
> Whatever you did in the last 5 minutes seems to have fixed it, as an nmap against your box showed no DNS ports open originally and now it does.
>
> [EMAIL PROTECTED] ~ $ dig @espersunited.com www.espersunited.com
> ;; QUESTION SECTION:
> ;www.espersunited.com. IN A
> ;; ANSWER SECTION:
> www.espersunited.com. 10800 IN CNAME bullet.espersunited.com.
> bullet.espersunited.com. 10800 IN A 192.168.1.2
>
> kashani

The address of espersunited.com should have been 24.117.226.93. The address of 192.168.1.2 for bullet.espersunited.com is the internal address of bullet. The external address should have been 24.117.226.93, and I still can't telnet 24.117.226.93 port 53
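An added example, not part of the original thread: a shell function that scans `dig` answer lines for A records pointing into RFC 1918 private space, which is the situation in the output quoted above. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag A records in dig output whose address is RFC 1918
# private space (10/8, 172.16/12, 192.168/16). Answers like these are
# unusable for clients outside the LAN and disclose internal addressing.

# private_answers (hypothetical helper): reads dig output on stdin and
# prints "name address" for every A record with a private address.
private_answers() {
    awk '
        # Skip dig comment lines (";; ANSWER SECTION:" etc.) and short lines.
        /^;/ || NF < 5 { next }
        # Answer lines have the form: name TTL class type rdata
        $3 == "IN" && $4 == "A" {
            n = split($5, o, ".")
            if (n != 4) next
            if (o[1] == 10 ||
                (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
                (o[1] == 192 && o[2] == 168))
                print $1, $5
        }
    '
}

# Constructed sample input, modelled on the answer quoted in the thread.
sample_dig_output() {
    cat <<'EOF'
;; QUESTION SECTION:
;www.espersunited.com. IN A

;; ANSWER SECTION:
www.espersunited.com. 10800 IN CNAME bullet.espersunited.com.
bullet.espersunited.com. 10800 IN A 192.168.1.2
EOF
}

# Against a live server (assumes dig is installed):
#   dig @SERVER NAME | private_answers
sample_dig_output | private_answers
```

Run from a host outside the LAN, any line this prints means the zone served to external clients still carries internal records.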
Re: [gentoo-user] OT -More DNS problems - firewall?
On Mon, 2005-12-19 at 17:23 -0600, John Jolet wrote:
> On Dec 19, 2005, at 4:31 PM, kashani wrote:
>> Michael Sullivan wrote:
>>> I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?
>
> if you are going to open up ports on your router, I would STRONGLY suggest you go ahead and set up some iptables rules on your server. Just 16+ years of sysadmin paranoia talking
>
>> Whatever you did in the last 5 minutes seems to have fixed it, as an nmap against your box showed no DNS ports open originally and now it does.
>>
>> [EMAIL PROTECTED] ~ $ dig @espersunited.com www.espersunited.com
>> ;; QUESTION SECTION:
>> ;www.espersunited.com. IN A
>> ;; ANSWER SECTION:
>> www.espersunited.com. 10800 IN CNAME bullet.espersunited.com.
>> bullet.espersunited.com. 10800 IN A 192.168.1.2
>>
>> kashani

The router provides my firewall. I already have ports open for sshd, www, smtp, ftp, pop3, and imap. Why would I need another firewall on the PC itself?
Re: [gentoo-user] OT -More DNS problems - firewall?
On Dec 19, 2005, at 5:46 PM, Michael Sullivan wrote:
> On Mon, 2005-12-19 at 17:23 -0600, John Jolet wrote:
>> On Dec 19, 2005, at 4:31 PM, kashani wrote:
>>> Michael Sullivan wrote:
>>>> I've gotten my named server working like I want it to, except that computers outside my network can't see it. I've opened up port 53 on my router so that extra-network hosts could use it, but they still can't. I'm not running a firewall on my server box as far as I know. How can I find what's causing this?
>>
>> if you are going to open up ports on your router, I would STRONGLY suggest you go ahead and set up some iptables rules on your server. Just 16+ years of sysadmin paranoia talking
>>
>>> Whatever you did in the last 5 minutes seems to have fixed it, as an nmap against your box showed no DNS ports open originally and now it does.
>>>
>>> [EMAIL PROTECTED] ~ $ dig @espersunited.com www.espersunited.com
>>> ;; QUESTION SECTION:
>>> ;www.espersunited.com. IN A
>>> ;; ANSWER SECTION:
>>> www.espersunited.com. 10800 IN CNAME bullet.espersunited.com.
>>> bullet.espersunited.com. 10800 IN A 192.168.1.2
>>>
>>> kashani
>
> The router provides my firewall. I already have ports open for sshd, www, smtp, ftp, pop3, and imap. Why would I need another firewall on the PC itself?

a little thing we like to call defense in depth. you firewall at the perimeter, and you firewall at the hosts, or between the layers. this prevents a compromise of an internal host from cascading.
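The host-level layer discussed in this thread, as an added example that is not part of the original messages: a shell function that prints a default-deny `iptables-restore` ruleset admitting only the services named above plus DNS. The function name, variable names and port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate a host firewall ruleset in iptables-restore
# format. Inbound traffic is dropped unless it matches a listed service,
# so a port forwarded by mistake on the router exposes nothing extra.

# Assumed TCP services: ftp control, ssh, smtp, dns, www, pop3, imap.
TCP_PORTS="21 22 25 53 80 110 143"
# DNS queries normally arrive over UDP; TCP 53 carries large answers
# and zone transfers, so both are listed.
UDP_PORTS="53"

# host_ruleset (hypothetical helper): prints the ruleset to stdout.
# Nothing is applied to the running kernel by this function.
host_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to connections this host initiated.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $TCP_PORTS; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    # Keep ping working for troubleshooting.
    echo '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    echo 'COMMIT'
}

# Review the output first, then apply as root with:
#   host_ruleset | iptables-restore
# Passive FTP data connections additionally need the FTP conntrack
# helper so they are matched by the RELATED rule.
host_ruleset
```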