Re: SuSeFirewall config
From: Paranoid about Spam (please_at_dont.spam.me)
Date: 07/10/04
Date: Sat, 10 Jul 2004 13:16:30 GMT
OK... I figured it out.
For anyone who runs into this problem, here was the solution:
I used yast2/system/sysconfig editor, but you could probably just edit
the file directly.
Under network->firewall
(all values without quotes, quoted here for clarity, case sensitive.)
FW_SERVICES_EXT_TCP needs to include "domain"
FW_SERVICES_EXT_UDP needs to include "domain" (I was missing this one)
also...
FW_ALLOW_INCOMING_HIGHPORTS_TCP needs to be "DNS"
FW_ALLOW_INCOMING_HIGHPORTS_UDP needs to be "DNS"
FW_SERVICE_DNS needs to be "yes"
I appreciate you're trying to help.
Ref: http://www.robidu.de/en/linux/firewall/#preparation
but I didn't see the HIGHPORTS reference there.
Paranoid about Spam wrote:
> Sorry, I should have provided more information.
>
> Yes, I do have a good reason for running a dns server :) It's for my
> small business, and we run our own dns.
>
> The remainder of the firewall seems to work ok. http and https
> connections work fine.
>
> I've tested by running nslookup from my home pc with our dns server set
> as the server.
>
> With the firewall started, I cannot get a response. With the firewall
> stopped, I get responses just fine.
>
> I'm not trying to use the firewall to protect a network, just as an
> additional layer of security on the server itself. I want to block all
> requests on ports that I'm not actively using.
>
> I cannot telnet or ssh into port 53 from home regardless. I seem to be
> able to from localhost, but I don't get any info from the session.
>
>
> houghi wrote:
>
>> Paranoid about Spam wrote:
>>
>>> I've tried to set the firewall up for my server, but I'm having
>>> problems.
>>>
>>> I'm using yast to config the firewall.
>>>
>>> I tried to set up dns service by entering "domain" as an additional
>>> service. DNS requests are still blocked. I've also tried entering
>>> the number 53, but that doesn't work either.
>>>
>>> Am I confused about the port that dns runs on, or do I have to do an
>>> extra configuration for high numbered UDP ports or something like that?
>>
>>
>>
>> Do you have a fixed IP? If not, there is no reason you should be running
>> a DNS server. The firewall goes from out to in. What are you trying to
>> do exactly?
>>
>> You are confusing two problems here. 1 is the firewall, the other is
>> running a DNS server. Start with the first thing. Can you reach port 22
>> if you open it (Assuming you have ssh running).
>>
>> If that works, run ssh on port 53 and try again on that port. If that
>> works, there is no problem with the firewall. If that does not work, we
>> can investigate further.
>>
>> So first step one. Does the rest on your firewall work or not and how do
>> you test it?
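As an added example (not code from the thread or from SuSE), here is a small checker for the settings the post above lists. It parses KEY="value" lines in the sysconfig style and reports which DNS-related keys are still wrong; the two sample configurations are constructed, and in practice the text would be read from the firewall's sysconfig file (assumed to be /etc/sysconfig/SuSEfirewall2).

```python
import re

# Settings the post found necessary; values are case sensitive, list-valued keys are space separated.
REQUIRED = {
    "FW_SERVICES_EXT_TCP": ("contains", "domain"),
    "FW_SERVICES_EXT_UDP": ("contains", "domain"),
    "FW_ALLOW_INCOMING_HIGHPORTS_TCP": ("equals", "DNS"),
    "FW_ALLOW_INCOMING_HIGHPORTS_UDP": ("equals", "DNS"),
    "FW_SERVICE_DNS": ("equals", "yes"),
}

# Assumed line shape: KEY="value" or KEY=value, optional trailing comment.
_LINE = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"?([^"#]*)"?\s*(#.*)?$')

def parse_sysconfig(text):
    """Parse assignment lines; comments and blanks are skipped, later assignments win."""
    values = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            values[m.group(1)] = m.group(2).strip()
    return values

def missing_dns_settings(text):
    """Return the REQUIRED keys (in REQUIRED order) whose value does not satisfy the rule."""
    values = parse_sysconfig(text)
    problems = []
    for key, (mode, want) in REQUIRED.items():
        have = values.get(key, "")
        if mode == "contains" and want not in have.split():
            problems.append(key)
        elif mode == "equals" and have != want:
            problems.append(key)
    return problems

# Constructed sample: TCP "domain" present, UDP "domain" missing, the rest left at defaults.
SAMPLE_BEFORE = '''
FW_SERVICES_EXT_TCP="ssh http https domain"
FW_SERVICES_EXT_UDP=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="no"
FW_SERVICE_DNS="no"
'''
# Constructed sample matching the fix described in the post.
SAMPLE_AFTER = '''
FW_SERVICES_EXT_TCP="ssh http https domain"
FW_SERVICES_EXT_UDP="domain"
FW_ALLOW_INCOMING_HIGHPORTS_TCP="DNS"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_DNS="yes"
'''
```

Running missing_dns_settings over the real file shows exactly which of the five keys still blocks DNS, which is quicker than re-testing with nslookup after each edit.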