Re: SuSeFirewall config

From: Paranoid about Spam (please_at_dont.spam.me)
Date: 07/10/04


Date: Sat, 10 Jul 2004 11:24:32 GMT

Sorry, I should have provided more information.

Yes, I do have a good reason for running a dns server :) It's for my
small business, and we run our own dns.

The remainder of the firewall seems to work ok. http and https
connections work fine.

I've tested by running nslookup from my home pc with our dns server set
as the server.

With the firewall started, I cannot get a response. With the firewall
stopped, I get responses just fine.

I'm not trying to use the firewall to protect a network, just as an
additional layer of security on the server itself. I want to block all
requests on ports that I'm not actively using.

I cannot telnet or ssh into port 53 from home regardless. I seem to be
able to from localhost, but I don't get any info from the session.

houghi wrote:

> Paranoid about Spam wrote:
>
>>I've tried to set the firewall up for my server, but I'm having problems.
>>
>>I'm using yast to config the firewall.
>>
>>I tried to set up dns service by entering "domain" as an additional
>>service. DNS requests are still blocked. I've also tried entering the
>>number 53, but that doesn't work either.
>>
>>Am I confused about the port that dns runs on, or do I have to do an
>>extra configuration for high numbered UDP ports or something like that?
>
>
> Do you have a fixed IP? If not, there is no reason you should be running
> a DNS server. The firewall goes from out to in. What are you trying to
> do exactly?
>
> You are confusing two problems here. 1 is the firewall, the other is
> running a DNS server. Start with the first thing. Can you reach port 22
> if you open it (Assuming you have ssh running).
>
> If that works, run ssh on port 53 and try again on that port. If that
> works, there is no problem with the firewall. If that does not work, we
> can investigate further.
>
> So first step one. Does the rest of your firewall work or not and how do
> you test it?
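
The test described in this post (a DNS lookup against the server with the firewall started and stopped) can be run per protocol, since DNS listens on port 53 over both UDP and TCP. The following is an added example, not part of the original thread; the server address and query name are constructed placeholders, and the function names are hypothetical.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS query: type A, class IN, recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def frame_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte length."""
    return struct.pack(">H", len(msg)) + msg

def is_reply_to(query, reply):
    """True if reply carries the query's ID and has the QR (response) bit set."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def probe_udp(server, query, port=53, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # connected UDP surfaces ICMP errors
            s.send(query)
            reply = s.recv(4096)
            return "answered" if is_reply_to(query, reply) else "unexpected reply"
        except socket.timeout:
            return "no reply (packet dropped, or nothing answering)"
        except ConnectionRefusedError:
            return "refused (ICMP port unreachable)"

def probe_tcp(server, query, port=53, timeout=3.0):
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(frame_tcp(query))
            reply = s.recv(4096)
            return "answered" if is_reply_to(query, reply[2:]) else "connected, no DNS reply"
    except socket.timeout:
        return "no reply (packet dropped)"
    except ConnectionRefusedError:
        return "refused (TCP reset)"

if __name__ == "__main__":
    SERVER, NAME = "192.0.2.53", "example.com"  # constructed placeholders
    q = build_query(NAME)
    print("udp/53:", probe_udp(SERVER, q))
    print("tcp/53:", probe_tcp(SERVER, q))
```

Run it once with the firewall started and once with it stopped; a result that changes for only one of the two protocols points at the rule for that protocol.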


