Dear,
The problem is resolved. I removed the standard CentOS rules and DNS is
responding.
I do not need these, I have a firewall.
Below is a table with the CentOS filter and reject rules:
[root@samba ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2527  775K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    1    60 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
  889 82153 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
  121  9147 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 3274 packets, 482K bytes)

2016-10-08 20:00 GMT-03:00 Rodrigo Cunha <rodrigo.root.rj at gmail.com>:
> [root@samba ~]# netstat --numeric-hosts --numeric-ports --programs -u -t -l |grep -i samba
> tcp   0   0 0.0.0.0:636         0.0.0.0:*   LISTEN   1278/./samba
> tcp   0   0 0.0.0.0:1024        0.0.0.0:*   LISTEN   1275/./samba
> tcp   0   0 0.0.0.0:3268        0.0.0.0:*   LISTEN   1278/./samba
> tcp   0   0 0.0.0.0:3269        0.0.0.0:*   LISTEN   1278/./samba
> tcp   0   0 0.0.0.0:389         0.0.0.0:*   LISTEN   1278/./samba
> tcp   0   0 0.0.0.0:135         0.0.0.0:*   LISTEN   1275/./samba
> tcp   0   0 0.0.0.0:464         0.0.0.0:*   LISTEN   1280/./samba
> tcp   0   0 0.0.0.0:53          0.0.0.0:*   LISTEN   1286/./samba
> tcp   0   0 0.0.0.0:88          0.0.0.0:*   LISTEN   1280/./samba
> tcp   0   0 :::636              :::*        LISTEN   1278/./samba
> tcp   0   0 :::1024             :::*        LISTEN   1275/./samba
> tcp   0   0 :::3268             :::*        LISTEN   1278/./samba
> tcp   0   0 :::3269             :::*        LISTEN   1278/./samba
> tcp   0   0 :::389              :::*        LISTEN   1278/./samba
> tcp   0   0 :::135              :::*        LISTEN   1275/./samba
> tcp   0   0 :::464              :::*        LISTEN   1280/./samba
> tcp   0   0 :::53               :::*        LISTEN   1286/./samba
> tcp   0   0 :::88               :::*        LISTEN   1280/./samba
> udp   0   0 192.168.3.10:389    0.0.0.0:*            1279/./samba
> udp   0   0 0.0.0.0:389         0.0.0.0:*            1279/./samba
> udp   0   0 192.168.3.10:137    0.0.0.0:*            1276/./samba
> udp   0   0 192.168.3.255:137   0.0.0.0:*            1276/./samba
> udp   0   0 0.0.0.0:137         0.0.0.0:*            1276/./samba
> udp   0   0 192.168.3.10:138    0.0.0.0:*            1276/./samba
> udp   0   0 192.168.3.255:138   0.0.0.0:*            1276/./samba
> udp   0   0 0.0.0.0:138         0.0.0.0:*            1276/./samba
> udp   0   0 0.0.0.0:53          0.0.0.0:*            1286/./samba
> udp   0   0 192.168.3.10:464    0.0.0.0:*            1280/./samba
> udp   0   0 0.0.0.0:464         0.0.0.0:*            1280/./samba
> udp   0   0 192.168.3.10:88     0.0.0.0:*            1280/./samba
> udp   0   0 0.0.0.0:88          0.0.0.0:*            1280/./samba
> udp   0   0 :::389              :::*                 1279/./samba
> udp   0   0 :::53               :::*                 1286/./samba
> udp   0   0 :::464              :::*                 1280/./samba
> udp   0   0 :::88               :::*                 1280/./samba
> [root@samba ~]# netstat --numeric-hosts --numeric-ports --programs -u -t -l |grep -i samba
>
>
> 2016-10-08 19:35 GMT-03:00 Reindl Harald via samba <samba at lists.samba.org>:
>
>>
>>
>> On 08.10.2016 at 23:30, Rodrigo Cunha via samba wrote:
>>
>>> Thanks for the answer, I need the samba as internal DNS, but it does not
>>> respond to requests from other machines on the network
>>>
>>
>> define "it does not respond"
>>
>> * /usr/bin/netstat --numeric-hosts --numeric-ports --programs -u -t -l
>> * check your firewall
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
>
> --
> Regards,
> Rodrigo da Silva Cunha
>
>
--
Regards,
Rodrigo da Silva Cunha

On 09.10.2016 at 05:36, Rodrigo Cunha wrote:
> The problem is resolved. I removed the standard rules of CentOS and DNS is
> responding.

and hence one checks first if the service listens and then if "telnet host 53" allows a connection

> I do not need these, I have a firewall

each host should have its own packet filter because the firewall doesn't protect from *internal* attacks and in case the one and only firewall has a bug you are not exposed

> Below is a table with the filter and reject rules CENTOS

that's how a host typically has to look like - just only allow responses and explicit allowed ports, reject the rest unconditionally
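
Added example, not part of the thread or of any participant's message: one way to keep the CentOS default ruleset and open only the ports Samba listens on, instead of removing the rules. It prints iptables commands for review; the source network 192.168.3.0/24 and rule position 5 (where the REJECT rule sits in the INPUT chain listed earlier in the thread) are assumptions, and the listener lines are a constructed sample.

```shell
#!/bin/sh
# Added example, not from the thread: derive explicit ACCEPT rules from
# `netstat -tuln`-style listener lines so the default REJECT can stay in place.

# Constructed sample modelled on the listeners quoted in the thread.
sample_listeners() {
cat <<'EOF'
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 1286/./samba
tcp 0 0 :::53 :::* LISTEN 1286/./samba
tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN 1278/./samba
udp 0 0 0.0.0.0:53 0.0.0.0:* 1286/./samba
udp 0 0 192.168.3.10:88 0.0.0.0:* 1280/./samba
udp 0 0 0.0.0.0:88 0.0.0.0:* 1280/./samba
EOF
}

# Read listener lines on stdin, print unique "proto port" pairs (IPv4 only).
listener_ports() {
  awk '$1 == "tcp" || $1 == "udp" {
         n = split($4, a, ":")
         if (n != 2) next   # :::53 style IPv6 sockets need ip6tables rules instead
         print $1, a[2]
       }' | sort -k1,1 -k2,2n -u
}

# accept_rules SRC_NET POS: print one iptables command per listener.
# POS is the rule number of the final REJECT; inserting there keeps REJECT last.
accept_rules() {
  src=$1; pos=$2
  listener_ports | while read -r proto port; do
    if [ "$proto" = tcp ]; then
      match="-p tcp -m state --state NEW -m tcp --dport $port"
    else
      match="-p udp -m udp --dport $port"
    fi
    echo "iptables -I INPUT $pos -s $src $match -j ACCEPT"
  done
}

# Assumed values: LAN 192.168.3.0/24, REJECT at position 5 of the INPUT chain.
sample_listeners | accept_rules 192.168.3.0/24 5
```

Feeding it the real `netstat ... | grep -i samba` output in place of the sample yields one rule per listening port; the commands are only printed, so they can be checked against `iptables -nvL --line-numbers` before being applied.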

Thanks Reindl, my customers are small and I always update firewalls to new versions. Usually I separate the intranet wifi network for security. I focus all network security on the firewall.

2016-10-09 5:15 GMT-03:00 Reindl Harald via samba <samba at lists.samba.org>:

> On 09.10.2016 at 05:36, Rodrigo Cunha wrote:
>
>> The problem is resolved. I removed the standard rules of CentOS and DNS is
>> responding.
>
> and hence one checks first if the service listens and then if "telnet host
> 53" allows a connection
>
>> I do not need these, I have a firewall
>
> each host should have its own packet filter because the firewall doesn't
> protect from *internal* attacks and in case the one and only firewall has a
> bug you are not exposed
>
>> Below is a table with the filter and reject rules CENTOS
>
> that's how a host typically has to look like - just only allow responses
> and explicit allowed ports, reject the rest unconditionally

--
Regards,
Rodrigo da Silva Cunha