iptables configuration for BIND

Thread: iptables configuration for BIND

  1. #1

    iptables configuration for BIND

    Hello,

    I am running a BIND 9.3.2 nameserver to host my own domain. It is running smoothly and queries requests like a champ. This machine has a public IP and I would like to use iptables to lock it down. When I run my iptables script, I think the nameserver is still resolving for people outside my network and zone transfers to secondary servers (outside my network) seem to be working, but when I try to run a dig or nslookup locally on the nameserver, it times out. If I flush my iptables rules, then the local commands work fine. Can someone point out to me what might be wrong? Here are the commands I am running in my script:

    # allow outside dns requests
    iptables -A INPUT -s 0/0 -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -s 0/0 -p udp --dport 53 -j ACCEPT

    # allow ssh connection from local network
    iptables -A INPUT -s 192.168.0.0/16 -p tcp --dport 22 -j ACCEPT

    # allow icmp traffic
    iptables -A INPUT -s 0/0 -p icmp -j ACCEPT

    # block all other traffic
    iptables -A INPUT -s 0/0 -p all -j DROP

  2. #2
    Junior Member girlygeek
    Join Date
    Jan 2006
    Posts
    54
    You should also have a rule that allows all queries to localhost (127.0.0.1).

    You also probably need an OUTPUT statement somewhere that allows replies on established TCP connections (with the ACK bit set) and regular UDP stuff.

    Try logging that final drop and see what it outputs to /var/log/messages.

  3. #3
    Senior Member
    Join Date
    May 2004
    Location
    Pakistan
    Posts
    253

    Re:

    Dear bkesting,
    Hello,

    If you are not much sure about iptables then you can use APF Firewall.

    FYI, http://www.rfxnetworks.com

    If you have any difficulties in installation and configuration let me know

    Best Regards.
    Frrkh hmd

  4. #4
    I added the following commands to fix my problem........

    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT

    and added the following to my named.conf file:

    query-source address * port 53;

    All seems to be working fine now
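The following is an added example, not a script from any poster in this thread. It combines post #1's rules with the loopback and ESTABLISHED,RELATED rules from post #4 and the logged final DROP suggested in post #2, in an order that keeps local dig/nslookup working. The LAN range and the `IPT` variable are assumptions: by default the script only prints the iptables commands so the rule order can be reviewed offline; set `IPT=iptables` to apply them.

```shell
#!/bin/sh
# Added example: INPUT policy for a public-facing BIND host.
# IPT defaults to "echo iptables" (dry run); LAN is an assumed local range.
IPT="${IPT:-echo iptables}"
LAN="${LAN:-192.168.0.0/16}"

bind_firewall_rules() {
    # Start from a clean INPUT chain so the script is repeatable.
    $IPT -F INPUT

    # Order matters: loopback and reply traffic must be accepted before
    # the catch-all DROP. Without these two rules the resolver's own
    # queries from 127.0.0.1 and the replies to them are dropped, which
    # is the local timeout described in post #1.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # DNS from anywhere: UDP for ordinary queries, TCP for zone
    # transfers and responses too large for UDP.
    $IPT -A INPUT -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 53 -j ACCEPT

    # ssh only from the local network.
    $IPT -A INPUT -s "$LAN" -p tcp --dport 22 -j ACCEPT

    # ICMP (ping, unreachable, path-MTU) from anywhere.
    $IPT -A INPUT -p icmp -j ACCEPT

    # Log what is about to be dropped, rate-limited so a scan cannot
    # flood /var/log/messages, then drop everything else.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
    $IPT -A INPUT -j DROP
}

# Review helper: line number of the first emitted rule matching a
# pattern, so one can check that "-i lo" precedes "-j DROP".
rule_index() {
    bind_firewall_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

bind_firewall_rules
```

With the ESTABLISHED,RELATED rule in place, the `query-source ... port 53` line from post #4 is not needed to get replies through the firewall, and BIND's default of choosing a random source port for outgoing queries is a deliberate defence against cache poisoning, so it is better left at the default.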
