In response to MaD dUCK's ipchains rules to allow DNS traffic to your forwarders: Note that more often than not, DNS queries are performed with UDP and not TCP. You will want to allow UDP packets to port 53 on your forwarders outbound and 'response' packets back in. Probably the safest and most efficient way to provide DNS is to run a server (the most recent BIND 8 or Bernstein's DNS tools) on the gateway machine, configured to cache only and to query from a specific port. That way you don't have to open up a large range of UDP and TCP ports to a large number of hosts. And you get the added benefit of DNS caching. Beware of BIND vulnerabilities, though; you need to keep up to date with those and upgrade appropriately.

HTH
Tobias
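As an added example (not code from either post), the following shell function prints, rather than applies, ipchains rules of the kind Tobias describes: queries may leave only from the caching resolver's fixed source port to the listed forwarders on port 53, and replies are accepted back only from those forwarders to that port. The gateway address 192.0.2.1, interface ppp0, query port 5353 and the forwarder addresses are constructed assumptions.

```shell
#!/bin/sh
# Emits (does not apply) ipchains rules for a caching-only resolver on the
# gateway that queries its forwarders from one fixed source port.
# Constructed example: addresses, interface and port are assumptions.

# dns_rules GW_IP IFACE QUERY_PORT FORWARDER...
#   GW_IP      gateway address the resolver queries from
#   IFACE      external interface the forwarders are reached through
#   QUERY_PORT fixed source port the resolver is configured to use
#   FORWARDER  one or more forwarder addresses (dotted quad)
dns_rules() {
    [ $# -ge 4 ] || { echo "dns_rules: need gateway, iface, port, forwarder" >&2; return 1; }
    gw=$1; iface=$2; qport=$3; shift 3
    # Refuse malformed forwarder addresses so no rule is emitted with junk in it
    for fwd in "$@"; do
        case $fwd in
            *[!0-9.]*|.*|*.|*..*) echo "dns_rules: bad forwarder address: $fwd" >&2; return 1 ;;
        esac
    done
    for fwd in "$@"; do
        # Queries out: only from the resolver's fixed port, only to this forwarder's port 53
        echo "ipchains -A output -i $iface -p udp -s $gw $qport -d $fwd 53 -j ACCEPT"
        echo "ipchains -A output -i $iface -p tcp -s $gw $qport -d $fwd 53 -j ACCEPT"
        # Replies in: only from this forwarder's port 53 back to the resolver's fixed port
        echo "ipchains -A input  -i $iface -p udp -s $fwd 53 -d $gw $qport -j ACCEPT"
        # TCP replies must never be connection-initiating segments (! -y matches non-SYN)
        echo "ipchains -A input  -i $iface -p tcp ! -y -s $fwd 53 -d $gw $qport -j ACCEPT"
    done
    # Any other UDP aimed at the resolver's ports on this interface is logged and denied
    echo "ipchains -A input  -i $iface -p udp -d $gw 53 -l -j DENY"
    echo "ipchains -A input  -i $iface -p udp -d $gw $qport -l -j DENY"
}

dns_rules 192.0.2.1 ppp0 5353 192.0.2.53 198.51.100.53
```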
Damn, I wanted to write something more but it would not jump to mind. UDP, of course. Hey, will any of you guys out there look at my quick-hack ipchains for my laptop and tell me if that looks alright? You may have noticed, I am a(n enthusiastic) beginner at ipchains.

martin
madduck@madduck.net (greetings from the heart of the sun)
participants (2)
- MaD dUCK
- Reckhard, Tobias