Mailinglist Archive: opensuse-security (359 mails)

RE: [suse-security] SuSE firewall2 configuration for zone transfer
  • From: "M. Edwin" <edwin@xxxxxxxxx>
  • Date: Wed, 23 Jul 2003 15:10:19 +0800
  • Message-id: <20030723151019.M65769@xxxxxxxxx>
It means I also have to open highport TCP and TCP 53, right?
My current firewall setting for TCP high port is

FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"

regards,
Edwin

> Hi there,
>
> DNS Requests from Server to Server normally use UDP 53 (Source and
> Destination Port). However, if problems occur or packet size is > 512
> bytes, it will change to Source Port >=1024 TCP and destination port
> 53 TCP.
>
> Cheers
> Knut Erik
>
> -----Original Message-----
> From: M. Edwin [mailto:edwin@xxxxxxxxx]
> Sent: Tuesday, July 22, 2003 1:36 PM
> To: suse-security@xxxxxxxx
> Subject: [suse-security] SuSE firewall2 configuration for zone transfer
>
> Hi list,
>
> I just set up a name server for our domain. I allow-transfer on named.conf
> to external server outside our domain for secondary name server.
>
> allow-query { any; };
> allow-transfer { 202.158.40.1; };
>
> When I check the log (/var/log/messages) there are several lines showing
> that the zone transfer to that server on highport is not allowed, like this
> one:
>
> Jul 22 13:25:25 mail /usr/sbin/named[28877]: client
> ::ffff:202.158.40.1#54516: zone transfer denied
>
> I think it is because of the firewall, so I checked the firewall
> configuration. But I think everything is OK (correct me if I'm wrong).
> I put the lines
>
> FW_SERVICES_EXT_UDP="53"
> FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain"
>
> Can anybody give me advice?
>
> Kind Regards,
> M. Edwin
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here


-----------------------------------
PT. Nusantara Systems International (http://www.nsi.co.id)
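
An added example, not part of the original messages: a small triage script for the `zone transfer denied` lines quoted in the thread. named writes this message only for requests it actually received, so the script lists each denied client, converts IPv4-mapped addresses such as `::ffff:202.158.40.1` back to IPv4, and reports whether the client is in the `allow-transfer` list. The function names are hypothetical, and the sample log contains the thread's line plus two constructed lines.

```python
import ipaddress
import re

# named logs the client as "address#source-port" before the denial text.
DENIED = re.compile(
    r"named\[\d+\]: client (?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+): "
    r"zone transfer denied"
)

def unmap(addr):
    """Return the IPv4 address behind an IPv4-mapped IPv6 address, else the address."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def denied_transfers(log_text, allow_transfer):
    """List denied zone transfers and whether each client is in allow-transfer."""
    allowed = [ipaddress.ip_network(net) for net in allow_transfer]
    # Pasted logs are often wrapped by mail clients; rejoin before matching.
    flat = re.sub(r"\s*\n\s*", " ", log_text)
    results = []
    for m in DENIED.finditer(flat):
        client = unmap(m.group("addr"))
        port = int(m.group("port"))
        results.append({
            "logged": m.group("addr"),          # address exactly as named wrote it
            "client": str(client),              # address after unmapping
            "port": port,
            "high_source_port": port >= 1024,   # transfers arrive from a high TCP port
            "in_allow_transfer": any(client in net for net in allowed),
        })
    return results

# allow-transfer list as given in the thread's named.conf
ALLOW_TRANSFER = ["202.158.40.1"]

# First entry is the wrapped line from the thread; the other two are constructed.
SAMPLE_LOG = """\
Jul 22 13:25:25 mail /usr/sbin/named[28877]: client
::ffff:202.158.40.1#54516: zone transfer denied
Jul 22 13:26:02 mail /usr/sbin/named[28877]: client 192.0.2.77#40112: zone transfer denied
Jul 22 13:26:30 mail /usr/sbin/named[28877]: starting
"""

if __name__ == "__main__":
    for rec in denied_transfers(SAMPLE_LOG, ALLOW_TRANSFER):
        print(rec)
```

A denial for a client that is in the list means the request passed the packet filter and was refused by named itself, so the ACL matching is the place to look next.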

