nslookup can't get to HK from US thru ipchains.

Kent Ho (kent@outblaze.com)
Tue, 27 Apr 1999 12:00:54 +0800

I have setup a DNS server in Hong Kong running Linux Kernel 2.2.6 with
ipchains firewall support enabled. The DNS has been running for quite a
while and it's working fine until I decided to setup a firewall using
ipchains. I have setup the firewall for DNS as follows.

#!/bin/sh
PORTS="1024:65535"
LOCALIP="xxx.xxx.xxx.xxx"
LOCALNET="xxx.xxx.xxx.xxx/xx"
ANYNET="0.0.0.0/0"
LOOP="127.0.0.1"
EXEC="/sbin/ipchains"

#Flush all rules (allow all)
$EXEC -F

# Allow DNS connection from anywhere
$EXEC -A input -p TCP -s $ANYNET 53 -d $LOCALIP 53
-j ACCEPT
$EXEC -A input -p UDP -s $ANYNET 53 -d $LOCALIP 53
-j ACCEPT
$EXEC -A input -p TCP -s $ANYNET 53 -d $LOCALIP $PORTS
-j ACCEPT
$EXEC -A input -p UDP -s $ANYNET 53 -d $LOCALIP $PORTS
-j ACCEPT

As far as I know there's nothing wroug with these settings. When I up
the firewall up everything seems to working fine locally and other
networks in Hong Kong but when I use a machine in the US, I can't query
the server in Hong Kong using nslookup while the firewall is up. When
I disable the firewall then everything works fine.

What could be causing this problem? Any ideas or solusions?

Your help is highly appreciated. Many thanks.

Kent.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/