On 2004.09.11 20:32, Jesse rv wrote:
Here's a script I'm using to create some tables which will only allow in on
ports I'm running services. One of the problems I'm having is that I can't
ping the Internet with a DNS address from this machine. I've allowed
everything in the OUTPUT table and can ping the Internet when using a
straight IP, but when I type in "ping google.com" the machine hangs for a
few seconds and gives me a server request error. I know it's something with
my rules because when I flush them all I can ping google.com just fine. Any
ideas would be greatly appreciated. I'm guessing it's something trivial but
can't put my finger on it yet.
thanks
........
# Adding Permittable Network/Hosts/Ports to Input Table on Internal Interface
# Allowing DNS,FTP,SSH,Webmin,HTTP,SWAT,and Samba to Server
$RULE -A INPUT -i $INSIDEINT --proto icmp --icmp-type any -j ACCEPT
.......
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 53 -d $INSIDEIP -j ACCEPT
.......
One thing, at least, is that you have to allow DNS on both tcp and udp.
So you also need a rule like this:
$RULE -A INPUT -i $INSIDEINT --proto udp --dport 53 -d $INSIDEIP -j ACCEPT
HTH
Jim
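A fuller INPUT fragment for the situation in this thread, as an added example that is not part of either message above. It reuses the script's INSIDEINT and INSIDEIP variable names (with constructed sample values) and assumes an IPT variable for the iptables binary; dns_rules only prints the rules, apply_rules feeds them to iptables. The point it adds to Jim's reply: a udp/53 rule accepts queries sent *to* this host's resolver, but when the host itself looks up google.com the answer comes back to a random high source port, which no --dport 53 rule matches. Accepting ESTABLISHED,RELATED traffic (the classic `-m state` match; `-m conntrack --ctstate` is the modern equivalent) lets those replies in without opening anything new.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Minimal INPUT rules for a host that serves DNS on its inside interface
# and also needs to resolve names itself (so "ping google.com" works).

INSIDEINT="${INSIDEINT:-eth1}"        # constructed sample interface
INSIDEIP="${INSIDEIP:-192.168.1.1}"   # constructed sample address
IPT="${IPT:-iptables}"                # assumed: path to iptables

# Print the rules, one per line, without executing anything.
dns_rules() {
    # Replies to connections this host started: DNS answers to the
    # resolver's ephemeral port, ping echo-replies, and so on.
    printf '%s\n' "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Serve DNS to the inside network on both transports (udp for normal
    # queries, tcp for large answers and zone transfers).
    printf '%s\n' "-A INPUT -i $INSIDEINT -p udp --dport 53 -d $INSIDEIP -j ACCEPT"
    printf '%s\n' "-A INPUT -i $INSIDEINT -p tcp --dport 53 -d $INSIDEIP -j ACCEPT"
    # ICMP from the inside, as in the original script.
    printf '%s\n' "-A INPUT -i $INSIDEINT -p icmp --icmp-type any -j ACCEPT"
}

# Hand each printed rule to iptables (requires root).
apply_rules() {
    dns_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word-splitting the rule is intended
        "$IPT" $rule
    done
}

# Self-check: number of rules that open port 53 (expect one per transport).
dns_rule_count() {
    dns_rules | grep -c -- '--dport 53'
}

# Uncomment to load the rules on a real host:
# apply_rules
```

Run it with `IPT=echo sh script.sh` after uncommenting the last line to see the exact commands before committing them, and put the state rule near the top of INPUT so it is evaluated before any per-port rules.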