LUGOD: Linux Users' Group of Davis
 
Page last updated:
2001 Dec 30 17:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Firewall question...



Thanks Henry for getting back to me. I implemented a change similar to
yours, but I still notice that if I try to access the domain in question
(www.jeffmcnurlin.com) from inside my work's firewall, those UDP requests
are DENYed, because for some reason my site is being contacted via ports
numbered *below* 1024. It seems that those are the only DENYed packets
that I notice in my messages log for port 53.

My question is this: is this just a broken NT nslookup thing, or should I
expect other sites to attempt to connect to me from ports > 1024 to my
port 53?

BTW: Could anyone else please see if you can do an nslookup on
www.jeffmcnurlin.com? I just want to know that it can be resolved from as
many other sites as possible. This domain belongs to my brother-in-law and
he has his resume and portfolio posted, so I want to make sure that
recruiters can access his site.

R. Douglas Barbieri
doug@dooglio.net
http://www.dooglio.net

"There is no case...there never was! It's all just a joke, a big joke!"
--Former Inspector Wollenski

On Tue, 3 Jul 2001, Henry House wrote:

> On Tue, Jul 03, 2001 at 10:09:10PM -0700, Doug Barbieri wrote:
> [snip]
> # For each name server: allow DNS queries from local unprivileged ports
> # and the matching replies, over both TCP and UDP.
> for server in $NS_SERVERS; do
> 	ipchains -A output -i $IFACE_INET -p tcp  \
> 		-s $ME 1024:65535 \
> 		-d $server domain -j ACCEPT
> 	ipchains -A input  -i $IFACE_INET -p tcp  \
> 		-s $server domain \
> 		-d $ME 1024:65535 -j ACCEPT
> 	ipchains -A output -i $IFACE_INET -p udp  \
> 		-s $ME 1024:65535 \
> 		-d $server domain -j ACCEPT
> 	ipchains -A input  -i $IFACE_INET -p udp  \
> 		-s $server domain \
> 		-d $ME 1024:65535 -j ACCEPT
> done
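
One way to measure what the post above describes, DENYed packets to local port 53 split by whether the source port is below 1024. This is an added example, not part of the original thread. It assumes the ipchains kernel log layout `Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> ...`; the host name, addresses and log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise DENYed inbound DNS packets from ipchains log lines
# by source host and source-port class. All log lines below are constructed.

# Reads syslog lines on stdin; prints "count proto src_ip class",
# highest count first.
dns_deny_summary() {
    awk '
    /Packet log: input DENY/ {
        # Locate PROTO=n; the two fields after it are src:port and dst:port.
        for (i = 1; i <= NF; i++) if ($i ~ /^PROTO=/) break
        if (i > NF - 2) next
        proto = substr($i, 7)
        if (proto != 6 && proto != 17) next      # keep TCP and UDP only
        if (split($(i + 1), s, ":") != 2) next
        if (split($(i + 2), d, ":") != 2 || d[2] != 53) next
        cls = (s[2] + 0 < 1024) ? "privileged" : "unprivileged"
        seen[(proto == 17 ? "udp" : "tcp") " " s[1] " " cls]++
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Constructed sample: two UDP packets from source port 53, one from a high
# port, one unrelated TCP deny (port 23) and one ACCEPT line.
SAMPLE_LOG='Jul  4 09:12:01 gw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:53 203.0.113.10:53 L=62 S=0x00 I=4211 F=0x0000 T=118
Jul  4 09:12:03 gw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:53 203.0.113.10:53 L=62 S=0x00 I=4212 F=0x0000 T=118
Jul  4 09:13:40 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.44:1036 203.0.113.10:53 L=58 S=0x00 I=901 F=0x0000 T=52
Jul  4 09:14:02 gw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.44:3120 203.0.113.10:23 L=44 S=0x00 I=902 F=0x0000 T=52 (SYN)
Jul  4 09:15:00 gw kernel: Packet log: input ACCEPT eth0 PROTO=17 192.0.2.9:1050 203.0.113.10:53 L=58 S=0x00 I=77 F=0x0000 T=60'

printf '%s\n' "$SAMPLE_LOG" | dns_deny_summary
```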


