Results 1 to 6 of 6
I am running a small network at home, a box running debain 3.1, a box running windows xp, and the NAT/FIREWALL box also debian 3.1. I`m running bind9 on the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 12-11-2005 #1
I`m running bind9 on the NAT box to do DNS and I`ve been trying to make a rule stop the dns server being seen on from the internet.
On the NAT the nic cards are as follows :
windows box eth0
debian box eth2
My attemp to achive this is this.
iptables -A INPUT -i eth1 -p tcp --dport 53 -j DROP
PORT STATE SERVICE
53/tcp open domain
What am I doing wrong good people ???
- 12-16-2005 #2
From where do you scan the ports ? The command you've issued block only connections coming from internet. By the way, don't forget to block 53/udp as well -- most queries are done using udp.
- 12-17-2005 #3
I`m scaning from a friends computer over the internet.
I`ll add a rule for UDP later. Thanks for reminding me
- 12-17-2005 #4
And in what order do you apply the rules ? Try
iptables -I INPUT 1 -i eth1 -p tcp --dport 53 -j DROP
to let the rule apply as first, before others.
- 12-19-2005 #5
- Join Date
- Apr 2005
- Buenos Aires, Argentina
I would just do..
iptables -A INPUT -p tcp --dport 53 -j DROP iptables -A INPUT -p udp --dport 53 -j DROPserzsite.com.ar
"All the drugs in this world won\'t save you from yourself"
- 12-20-2005 #6Originally Posted by serz