Topic awaiting preservation: iptables screwed (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=12908" title="Pages that link to Topic awaiting preservation: iptables screwed (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: iptables screwed <span class="small">(Page 1 of 1)</span>\$

Kriek Maniac (V) Inmate From: Florida Insane since: Jul 2001	posted 09-26-2003 17:10 [resolved] Thanks guys. [This message has been edited by Kriek (edited 10-14-2003).]
InI Paranoid (IV) Mad Scientist From: Somewhere over the rainbow Insane since: Mar 2001	posted 09-26-2003 17:24 The poster has demanded we remove all his contributions, less he takes legal action. We have done so. Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future. Don't follow his example - seek real life help first.
Kriek Maniac (V) Inmate From: Florida Insane since: Jul 2001	posted 09-26-2003 22:32 Sorry, I will try to be more specific. When iptables are on it is blocking ALL DNS queries, everything was fine untill someone started re-configuring the iptables, now the ensim box is dropping me when iptables are on. I need someone to look at the iptables and tell me what is incorrect, if anything at all, and an idea on what to do about this, that's it. __________________ Kriek says '[SYSTEMWIDE_MESSAGE] PHP Meetup' What we do is never understood; only praised and blamed
Synthetic Paranoid (IV) Inmate From: under your rug, Insane since: Jul 2001	posted 09-29-2003 20:51 There is a good tutorial here that might be of use, it comes in HTML or Chunky HTML Also if you haven't tried it yet, iptables-restore might help. I noticed the "# Firewall configuration written by lokkit" what brand of lokkit are you using? [This message has been edited by Synthetic (edited 09-29-2003).]
dl748 Obsessive-Compulsive (I) Inmate From: Michigan Insane since: Oct 2003	posted 10-02-2003 07:45 I noticed you only have 53 udp open, DNS querying also uses tcp depending on the application, although i never set my final filter to REJECT, I usually use DROP.
Tyberius Prime Paranoid (IV) Mad Scientist with Finglongers From: Germany Insane since: Sep 2001	posted 10-02-2003 10:08 yeah.., I'd guess for tcp port 53 as well. but come in again, now, son, why do you want to do this? I suppose this is a single box, connected directly to the net? Am I right? So what in the name of the great dragon do you want with an iptables firewall on it?!? All services that need to have ports open, need to have them open anyway to be accessible... and as for everything else: either tie it to localhost (which never get's routed out), or shut it down! (now ,if this was actually a firewall machine before a network, forget what I said... it doesn't look like it, but then, I'm not a pro at iptables specifically.)

Topic awaiting preservation: iptables screwed (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=12908" title="Pages that link to Topic awaiting preservation: iptables screwed (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: iptables screwed <span class="small">(Page 1 of 1)</span>\$

Kriek
Maniac (V) Inmate

From: Florida
Insane since: Jul 2001

posted 09-26-2003 17:10

[resolved]

Thanks guys.

[This message has been edited by Kriek (edited 10-14-2003).]

InI
Paranoid (IV) Mad Scientist

From: Somewhere over the rainbow
Insane since: Mar 2001

posted 09-26-2003 17:24

The poster has demanded we remove all his contributions, less he takes legal action.
We have done so.
Now Tyberius Prime expects him to start complaining that we removed his 'free speech' since this message will replace all of his posts, past and future.
Don't follow his example - seek real life help first.

Kriek
Maniac (V) Inmate

From: Florida
Insane since: Jul 2001

posted 09-26-2003 22:32

Sorry, I will try to be more specific. When iptables are on it is blocking ALL DNS queries, everything was fine untill someone started re-configuring the iptables, now the ensim box is dropping me when iptables are on. I need someone to look at the iptables and tell me what is incorrect, if anything at all, and an idea on what to do about this, that's it.

__________________

Kriek says '[SYSTEMWIDE_MESSAGE] PHP Meetup'
What we do is never understood; only praised and blamed

Synthetic
Paranoid (IV) Inmate

From: under your rug,
Insane since: Jul 2001

posted 09-29-2003 20:51

There is a good tutorial here that might be of use, it comes in HTML or Chunky HTML

Also if you haven't tried it yet, iptables-restore might help.

I noticed the "# Firewall configuration written by lokkit" what brand of lokkit are you using?

[This message has been edited by Synthetic (edited 09-29-2003).]

dl748
Obsessive-Compulsive (I) Inmate

From: Michigan
Insane since: Oct 2003

posted 10-02-2003 07:45

I noticed you only have 53 udp open, DNS querying also uses tcp depending on the application, although i never set my final filter to REJECT, I usually use DROP.

Tyberius Prime
Paranoid (IV) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted 10-02-2003 10:08

yeah.., I'd guess for tcp port 53 as well.

but come in again,
now, son, why do you want to do this?
I suppose this is a single box, connected directly to the net?
Am I right?
So what in the name of the great dragon do you want with an iptables firewall on it?!?

All services that need to have ports open, need to have them open anyway to be accessible...
and as for everything else: either tie it to localhost (which never get's routed out), or shut it down!

(now ,if this was actually a firewall machine before a network, forget what I said... it doesn't look like it,
but then, I'm not a pro at iptables specifically.)