William McInnis
2003-Jul-11 01:56 UTC
[Shorewall-users] why does shorewall hang my named server?
Shorewall only hangs my named server. Everything else works except named, and that's why my email doesn't work when I have Shorewall started. It doesn't give me any messages when I try it. Is named TCP or UDP?

--------------------------------------------------------------------------------
> Shorewall only hangs my named server. Everything else works except
> named, and that's why my email doesn't work when I have Shorewall started.
> It doesn't give me any messages when I try it. Is named TCP or UDP?

Depends. ;) See http://shorewall.net/ports.htm and be sure to open all necessary incoming and outgoing connections.

karsten
--
Hi, I'm a signature virus. Copy me into your ~/.signature to help me spread!
j2@mupp.net
2003-Jul-11 02:21 UTC
[Shorewall-users] why does shorewall hang my named server?
Quoting William McInnis <william@dragonbox.net>:

> Shorewall only hangs my named server. Everything else works except named, and
> that's why my email doesn't work when I have Shorewall started. It doesn't give me
> any messages when I try it. Is named TCP or UDP?

Both. Defaults to UDP, but if the answer is bigger than what will fit in a single datagram, the rest is sent by TCP.

Besides, which DNS are you running? Later versions of BIND may try to utilize any high port for queries.

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
Patrick Benson
2003-Jul-11 05:49 UTC
[Shorewall-users] why does shorewall hang my named server?
William McInnis wrote:

> Shorewall only hangs my named server. Everything else works except named, and that's why my email doesn't work when I have Shorewall started. It doesn't give me any messages when I try it. Is named TCP or UDP?

Hi William,

Do you have any output in your logs, in /var/log/messages or syslog, by any chance, showing what may be the cause?

I'm not a DNS guru, in any way, but there is a good alternative to BIND and named if you happen to have problems with firewalling and DNS issues, namely Dan Bernstein's djbdns suite:

http://cr.yp.to/djbdns.html

Why I mention it is because DNS is such a vulnerable spot when having to do with firewalls, since you have the udp 53 + tcp 53 ports wide open to the net. I've been using djbdns since it first appeared on Charles Steinkuehler's port to LRP, the Eigerstein floppy image, and utilize it on Slackware and FreeBSD boxes whenever I can. Very easy to configure alongside Shorewall and very flexible configuration options. Dan's documentation is very worthwhile reading on the subject of DNS and his programs are well-known for not having to be patched on a continual basis.

Best regards,
--
Patrick Benson
Stockholm, Sweden
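
The log check suggested in the thread, as an added example that is not part of any poster's message: it scans firewall log lines for port 53 packets that were dropped or rejected and groups them by direction, protocol, and query/reply, which shows whether UDP, TCP, or named's own outbound lookups are being blocked. The log lines are constructed, and the format assumes Shorewall's default "Shorewall:<chain>:<disposition>:" log prefix.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), assuming the netfilter
# LOG format with Shorewall's default "Shorewall:<chain>:<disposition>:" prefix.
SAMPLE_LOG = """\
Jul 11 01:50:12 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=UDP SPT=32768 DPT=53 LEN=40
Jul 11 01:50:13 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=53 SYN
Jul 11 01:50:20 gw kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=198.51.100.5 DST=203.0.113.53 LEN=70 TTL=64 PROTO=UDP SPT=1031 DPT=53 LEN=50
Jul 11 01:50:25 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.53 DST=198.51.100.5 LEN=120 TTL=50 PROTO=UDP SPT=53 DPT=1044 LEN=100
Jul 11 01:51:02 gw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=3311 DPT=445 SYN
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty


def dns_drops(log_text):
    """Count logged DNS packets by (direction, proto, kind, disposition)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue                # not a Shorewall log line
        f = dict(FIELD.findall(m["rest"]))
        if f.get("DPT") == "53":
            kind = "query"          # packet addressed to a DNS server
        elif f.get("SPT") == "53":
            kind = "reply"          # answer coming back from a DNS server
        else:
            continue                # not DNS traffic
        if f.get("IN") and f.get("OUT"):
            direction = "forwarded"
        elif f.get("IN"):
            direction = "inbound"   # arriving at the firewall host itself
        else:
            direction = "outbound"  # generated by the firewall host
        hits[(direction, f.get("PROTO", "?"), kind, m["disp"])] += 1
    return hits


if __name__ == "__main__":
    for key, count in sorted(dns_drops(SAMPLE_LOG).items()):
        print(count, *key)
```

On a real system, pass the contents of /var/log/messages (or wherever kernel messages are logged) to dns_drops() instead of SAMPLE_LOG.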