Mailinglist Archive: opensuse-security (685 mails)

Nameserver behind gateway - ports
  • From: ic_admin <admin@xxxxxxxxxxxx>
  • Date: Tue, 05 Feb 2002 15:17:18 +0100
  • Message-id: <3C5FE96E.1070702@xxxxxxxxxxxx>
Hi List,

I have a problem with the UDP ports for DNS (53); this is my network:

INTERNET <--> Gateway <--> Public_Server (DNS-Server)

The gateway is a packet filter (running iptables). My nameservers are behind the gateway and they are configured as primary DNS. The zone transfer is OK (TCP requests on port 53 are allowed), but my problem is the needed UDP ports. At the moment the following ports are open:

Request: client above 1023 -> server (named) port 53 UDP

Response: server port 53 -> client port request was sent from UDP

name server to name server: 53 -> 53 53 <- 53 UDP

Everything in my gateway is logged (if a rule doesn't match) and I have many requests from clients using a UDP port smaller than 1024 for connections to port 53! Sometimes reserved ports are used:

Request: client above 137 -> server (named) port 53 UDP

Is this OK?
Which ports do I really need and where can I find a short description?
I tried to read and understand the RFCs but ...


Thanks for help.


Regards


Ruediger Doerlich

InterConcept GmbH
Drosselweg 27
D-61462 Koenigstein
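
Added example, not part of the original message: a small model of the three port-pair rules listed above, run over constructed packets, showing why queries from source ports below 1024 end up in the gateway log. The names Udp, post_rules and DportOnly, the sample addresses, the stateless reading of the response rule, and the destination-port-only variant with flow tracking are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Udp:
    direction: str  # "in": Internet -> DNS server, "out": DNS server -> Internet
    peer: str       # address of the remote host
    sport: int
    dport: int

def post_rules(p: Udp) -> bool:
    """The three port-pair rules from the post, modelled as stateless matches."""
    if p.direction == "in" and p.sport > 1023 and p.dport == 53:
        return True                           # client above 1023 -> named:53
    if p.direction == "out" and p.sport == 53 and p.dport > 1023:
        return True                           # named:53 -> client port
    return p.sport == 53 and p.dport == 53    # name server <-> name server

class DportOnly:
    """Assumed alternative: accept inbound queries on destination port 53
    whatever the source port, and send replies only to peers that asked
    (what a connection-tracking rule does for UDP)."""
    def __init__(self):
        self.flows = set()

    def accept(self, p: Udp) -> bool:
        if p.direction == "in" and p.dport == 53:
            self.flows.add((p.peer, p.sport))
            return True
        return (p.direction == "out" and p.sport == 53
                and (p.peer, p.dport) in self.flows)

# Constructed sample traffic (documentation addresses, not real log data).
SAMPLE = [
    Udp("in", "198.51.100.7", 40000, 53),   # ordinary resolver query
    Udp("in", "198.51.100.8", 53, 53),      # server-to-server query
    Udp("in", "198.51.100.9", 137, 53),     # low source port, as in the log
    Udp("out", "198.51.100.9", 53, 137),    # reply to that query
    Udp("out", "203.0.113.5", 53, 5000),    # packet nobody asked for
]

def compare(packets):
    """Return (packet, verdict under post rules, verdict under DportOnly)."""
    alt = DportOnly()
    return [(p, post_rules(p), alt.accept(p)) for p in packets]

if __name__ == "__main__":
    for p, old, new in compare(SAMPLE):
        print(f"{p.direction:3} {p.peer:13} {p.sport:5}->{p.dport:<5} "
              f"post={'ACCEPT' if old else 'DROP':6} dport-only={'ACCEPT' if new else 'DROP'}")
```

The last sample packet is the other side of the trade-off: a stateless "53 -> high port" reply rule passes outbound packets that answer no query, while the flow-tracking variant does not.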

