The Community Forums

iptables dns

Discussion in 'Bind/DNS/Nameserver' started by Keegan, Sep 26, 2003.

  1. Keegan

    Possible syntax error, or what else have I messed up here?

    The problem... When iptables are on it is blocking ALL DNS queries, server is slow as beans, all hosting clients are dead in the water.

    Any ideas?

    Code:
    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    #       firewall; such entries will *not* be listed here.
    *filter
    :OUTPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    :INPUT ACCEPT [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 20 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 110 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 113 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 143 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 443 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 873 -j ACCEPT  --syn
    # Linkpoint API Firewall 1129
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 1129 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 1129 -j ACCEPT
    #rick
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 1139 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 1139 -j ACCEPT
    #/rick
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 3306 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 10000 -j ACCEPT  --syn
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 60000:60500 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth0 --dport 67:68 --sport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth1 --dport 67:68 --sport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp -j REJECT  --syn
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
    COMMIT
    # Generated by webmin
    *mangle
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed
    # Generated by webmin
    *nat
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed
    
  2. Keegan

    Help my pants are falling off!

  3. ciphervendor

    Rather than implementing iptables rules you don't understand or can't troubleshoot, try flushing all of your rules, disabling all unneeded services/daemons and go from there. If you disable services/daemons on your box that you don't need, then you won't have to block ports with iptables.

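As an added example (not code from the thread or from cPanel), this Python sketch walks DNS packets through an excerpt of the chain posted above, using first-match semantics, to show which rule decides each one. It models only the rules listed in the file, so the nameserver entries that the file's header says ifup-post adds at runtime are not included; the helper names and the sample packets are constructed.

```python
import shlex

# Excerpt of the posted chain, in its original order (other port rules omitted).
RULES = """\
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 -d 0/0 -i eth0 --dport 67:68 --sport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp -j REJECT  --syn
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""
KEYS = {"-p": "proto", "-i": "iface", "--dport": "dport", "--sport": "sport", "-j": "target"}

def parse(line):
    """Reduce one rule line to the match fields this sketch understands."""
    tok = shlex.split(line)
    rule = {"syn": "--syn" in tok}
    rule.update({KEYS[t]: tok[i + 1] for i, t in enumerate(tok) if t in KEYS})
    return rule

def in_range(spec, port):
    """True if port falls inside an iptables 'N' or 'N:M' port spec."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(pkt, rules, policy="ACCEPT"):
    """Return the target of the first matching rule, else the INPUT policy."""
    for r in rules:
        if (r.get("proto", pkt["proto"]) == pkt["proto"]
                and r.get("iface", pkt["iface"]) == pkt["iface"]
                and all(in_range(r[k], pkt[k]) for k in ("dport", "sport") if k in r)
                and (pkt.get("syn") or not r["syn"])):
            return r["target"]
    return policy

CHAIN = [parse(line) for line in RULES.splitlines()]
# Constructed packets arriving on eth0; 40000 stands in for an ephemeral port.
PACKETS = {
    "inbound query to port 53": dict(proto="udp", iface="eth0", sport=40000, dport=53),
    "reply to the server's own lookup": dict(proto="udp", iface="eth0", sport=53, dport=40000),
    "new DNS-over-TCP connection": dict(proto="tcp", iface="eth0", sport=40000, dport=53, syn=True),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:34} -> {verdict(pkt, CHAIN)}")
```

In the listed rules, only UDP packets addressed to port 53 are accepted on eth0; a UDP reply coming back from port 53 to an ephemeral port, and a new TCP connection to port 53, both reach the catch-all REJECT lines.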