Mailinglist Archive: opensuse-security (359 mails)

RE: [suse-security] SuSE firewall2 configuration for zone transfer
  • From: "M. Edwin" <edwin@xxxxxxxxx>
  • Date: Fri, 25 Jul 2003 14:11:01 +0700
  • Message-id: <67398961AC46B34F9714651170DAD43C2EC73E@xxxxxxxxxxxxxxxxxxxx>
Dear all,

The problem is already solved. I checked the firewall log again, and I
found that something went wrong. The server rejected the packets from
our secondary DNS server from port 53 (source=53 and several
destinations on high ports). I don't know why this happened. I'm sure
that I already opened TCP and UDP 53. I restarted the firewall2 and
named services, but the problem still happened. So I decided to reboot
the server. After the reboot, everything went back to normal, and the
zone transfer runs automatically, even though both UDP and TCP high-port
packets are not allowed in the firewall configuration.

Thanks for all your help and suggestions.

Kind Regards,
M. Edwin

-----Original Message-----
From: Kringstad, Trond [mailto:trond.kringstad@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, July 24, 2003 5:34 PM
To: Moh Edwin
Subject: RE: [suse-security] SuSE firewall2 configuration for zone
transfer

Have you checked your logs? I'm using bind9 with zone transfer of
28 zones. The only ports opened in the firewall are UDP/TCP 53 inbound.

Trond

-----Original Message-----
From: M. Edwin [mailto:edwin@xxxxxxxxx]
Sent: 24. juli 2003 04:58
To: 'Knut Erik Hauslo'
Cc: suse-security@xxxxxxxx
Subject: RE: [suse-security] SuSE firewall2 configuration for zone
transfer

Hi,

I opened all high ports, but the zone still cannot transfer.
I used Bind9 and my named.conf is very standard, and I put the
allow-transfer in the global options. Do you have any other suggestions?

Kind Regards,
M. Edwin

-----Original Message-----
From: Knut Erik Hauslo [mailto:KNUTH@xxxxxxxxxxxx]
Sent: Wednesday, July 23, 2003 3:48 PM
To: Moh Edwin
Cc: suse-security@xxxxxxxx
Subject: RE: [suse-security] SuSE firewall2 configuration for zone
transfer

Correct, you need to open Highports_TCP too. However, I did encounter
some problems when using FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data", so I
changed ftp-data to yes.


Cheers,
Knut Erik

-----Original Message-----
From: M. Edwin [mailto:edwin@xxxxxxxxx]
Sent: Wednesday, July 23, 2003 9:10 AM
To: Knut Erik Hauslo
Cc: suse-security@xxxxxxxx
Subject: RE: [suse-security] SuSE firewall2 configuration for zone
transfer


It means I also have to open highport TCP and TCP 53, right?
My current firewall setting for TCP high port is

FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"

regards,
Edwin


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
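
Added example, not part of the original thread or of SuSEfirewall2: one way to do the log check described in the top message, counting logged drops whose source port is 53 and whose destination is a high port. It assumes netfilter LOG-style key=value lines (SRC=, PROTO=, SPT=, DPT=); the sample lines, log prefix, host name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in netfilter LOG key=value style; the prefix,
# host name and addresses are illustrative, not taken from the thread.
SAMPLE_LOG = """\
Jul 25 09:01:12 ns1 kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.10 LEN=71 PROTO=UDP SPT=53 DPT=32771 LEN=51
Jul 25 09:01:13 ns1 kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=53 DPT=32805 WINDOW=5792 SYN ACK
Jul 25 09:01:20 ns1 kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=4021 DPT=135 WINDOW=8192 SYN
Jul 25 09:01:31 ns1 kernel: SuSE-FW-ACCEPT IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40112 DPT=53 WINDOW=5840 SYN
Jul 25 09:02:02 ns1 kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= SRC=192.0.2.53 DST=192.0.2.10 LEN=83 PROTO=UDP SPT=53 DPT=32771 LEN=63
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
HIGH_PORT_MIN = 1024  # unprivileged range 1024-65535, the "high ports"


def dns_replies_to_high_ports(log_text, action="DROP"):
    """Count logged packets with source port 53 and a high destination port.

    Returns a Counter keyed by (source address, protocol). Only lines that
    contain `action` are considered, so accepted traffic is ignored.
    """
    hits = Counter()
    for line in log_text.splitlines():
        if action not in line:
            continue
        fields = dict(FIELD.findall(line))
        try:
            spt, dpt = int(fields["SPT"]), int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # not a TCP/UDP packet line, or a truncated entry
        if spt == 53 and dpt >= HIGH_PORT_MIN:
            hits[(fields.get("SRC", "?"), fields.get("PROTO", "?"))] += 1
    return hits


if __name__ == "__main__":
    for (src, proto), n in sorted(dns_replies_to_high_ports(SAMPLE_LOG).items()):
        print(f"{src} {proto} sport=53 -> high port: {n} logged drop(s)")
```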

