iptables dns

Discussion in 'Bind / DNS / Nameserver Issues' started by Keegan, Sep 26, 2003.

  1. Keegan (Well-Known Member, joined Oct 22, 2001)

    Possible syntax error, or what else have I messed up here?

    The problem... When iptables is on, it blocks ALL DNS queries; the server is slow as beans and all hosting clients are dead in the water.

    Any ideas?

    Code:
    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    #       firewall; such entries will *not* be listed here.
    *filter
    :OUTPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    :INPUT ACCEPT [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 20 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 113 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 143 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 873 -j ACCEPT  --syn
    # Linkpoint API Firewall 1129
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 1129 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 1129 -j ACCEPT
    #rick
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 1139 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 1139 -j ACCEPT
    #/rick
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 10000 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 60000:60500 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth0 --dport 67:68 --sport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth1 --dport 67:68 --sport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp -j REJECT  --syn
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
    COMMIT
    # Generated by webmin
    *mangle
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed
    # Generated by webmin
    *nat
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed
    
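Reading the posted chain as iptables would: there is no connection-tracking rule, the only port-53 rule accepts inbound UDP with destination port 53, and everything else in UDP ends at the catch-all REJECT. A query from a client therefore gets in, but the reply an upstream nameserver sends back to BIND's own query port (a high port) is rejected, and a TCP/53 SYN hits the TCP REJECT. The following added example (written for this edit, not code from the thread or from cPanel) simulates first-match chain evaluation over a constructed subset of the posted rules and over an assumed hardened variant; the query source port 32917 and the packet mix are constructed, and conntrack state is modelled as a field on the packet rather than by running the kernel.

```python
"""Simulate first-match evaluation of an iptables chain (iptables-save syntax).

Added example, not code from the thread: POSTED_CHAIN is a constructed subset
of the RH-Lokkit-0-50-INPUT rules quoted in the post, HARDENED_CHAIN is an
assumed fix, and conntrack state is a field on the packet."""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed subset of the rules quoted in the post (same syntax, same order).
POSTED_CHAIN = """
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth0 --dport 67:68 --sport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""

# Assumed fix (not from the thread): accept replies to the server's own
# queries via connection tracking, and allow TCP/53 for AXFR and large answers.
HARDENED_CHAIN = """
-A RH-Lokkit-0-50-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 -j ACCEPT  --syn
""" + POSTED_CHAIN


@dataclass
class Rule:
    target: str = ""
    proto: Optional[str] = None
    dport: Optional[Tuple[int, int]] = None
    sport: Optional[Tuple[int, int]] = None
    iface: Optional[str] = None
    syn_only: bool = False
    states: Set[str] = field(default_factory=set)


@dataclass
class Packet:
    proto: str
    dport: int = 0
    sport: int = 0
    iface: str = "eth0"
    syn: bool = False    # TCP SYN, i.e. a new connection attempt
    state: str = "NEW"   # what conntrack would report: NEW or ESTABLISHED


def _ports(spec: str) -> Tuple[int, int]:
    lo, _, hi = spec.partition(":")   # "53" or "67:68"
    return int(lo), int(hi or lo)


def parse_chain(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        toks, i, r = shlex.split(line), 0, Rule()
        while i < len(toks):
            t = toks[i]
            if t == "-p":
                r.proto = toks[i + 1]
            elif t == "--dport":
                r.dport = _ports(toks[i + 1])
            elif t == "--sport":
                r.sport = _ports(toks[i + 1])
            elif t == "-i":
                r.iface = toks[i + 1]
            elif t == "-j":
                r.target = toks[i + 1]
            elif t == "--state":
                r.states = set(toks[i + 1].split(","))
            elif t == "--syn":
                r.syn_only = True
                i += 1
                continue
            elif t in ("-A", "-m"):
                pass  # chain name and match-module loads add no constraint
            elif t in ("-s", "-d") and toks[i + 1] == "0/0":
                pass  # 0/0 matches every address
            else:
                raise ValueError(f"unsupported token {t!r} in {line!r}")
            i += 2
        rules.append(r)
    return rules


def verdict(rules: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule decides; the chain policy applies if none matches."""
    for r in rules:
        if r.proto and r.proto != pkt.proto:
            continue
        if r.dport and not r.dport[0] <= pkt.dport <= r.dport[1]:
            continue
        if r.sport and not r.sport[0] <= pkt.sport <= r.sport[1]:
            continue
        if r.iface and r.iface != pkt.iface:
            continue
        if r.syn_only and not pkt.syn:
            continue
        if r.states and pkt.state not in r.states:
            continue
        return r.target
    return policy


# Constructed traffic a cPanel box running BIND would see around port 53.
SAMPLE_PACKETS = {
    "client query to udp/53": Packet("udp", dport=53, sport=40000),
    "upstream reply to BIND's query port": Packet("udp", dport=32917, sport=53, state="ESTABLISHED"),
    "tcp/53 connection (AXFR or truncated answer)": Packet("tcp", dport=53, sport=40001, syn=True),
    "local resolver reply on lo": Packet("udp", dport=33000, sport=53, iface="lo", state="ESTABLISHED"),
}


def dns_verdicts(chain_text: str) -> Dict[str, str]:
    rules = parse_chain(chain_text)
    return {name: verdict(rules, p) for name, p in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, chain in (("posted", POSTED_CHAIN), ("hardened", HARDENED_CHAIN)):
        print(f"== {label} chain ==")
        for name, v in dns_verdicts(chain).items():
            print(f"  {v:7} {name}")
```

Against the posted subset the client query and the loopback reply are accepted, while the upstream reply and the TCP/53 SYN are rejected, which matches the symptom of a nameserver that answers nothing it has to look up. The header comment in the posted file only says that ifup-post punches the current nameservers through, i.e. the resolvers in the box's own configuration; it says nothing about the remote servers BIND contacts when recursing, so that exception does not cover them. The state rule in the hardened variant is placed first so replies are accepted before the per-port rules are consulted; note also that the posted TCP REJECT carries --syn, so non-SYN TCP segments fall through to the INPUT policy of ACCEPT.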
  2. Keegan (Well-Known Member)

    Help, my pants are falling off!

  3. ciphervendor (Well-Known Member, joined Aug 26, 2002)

    Rather than implementing iptables rules you don't understand or can't troubleshoot, try flushing all of your rules, disabling all unneeded services/daemons, and going from there. If you disable the services/daemons on your box that you don't need, then you won't have to block ports with iptables.
