<li><em>date</em>: Sun Mar 21 20:42:32 2004</li>
<li><em>from</em>: thewolfro at yahoo.com (george roman)</li>
<li><em>subject</em>: [ale] Dns Port Problems</li>
-x.y.z.t is my IP located on the internet
-172.16.35.137 is my local computer
In /var/log/syslog I see only the logs from my firewall that I named (DNS-in for the INPUT chain and DNS-out for the OUTPUT chain), but as I mentioned I can see in netstat only the TCP SYN flag when I try telnet from the outside (from x.y.z.t): no established connection, but I have an outgoing packet logged by the firewall (with tcpdump I also see an outgoing packet from the DNS server).
This is tcpdump from DNS when I tried to connect to port 53 from x.y.z.t:
03:36:10.077870 x.y.z.t.sa-msg-port > ns..domain: S1532033272:1532033272(0) win 5840 <mss 1460,sackOK,timestamp 25289352 0,nop,wscale 0> (DF)[tos 0x10]
03:36:10.078383 ns..domain > x.y.z.t.sa-msg-port: S1617471727:1617471727(0) ack 1532033273 win 5792 <mss 1460,sackOK,timestamp 1387905 25289352,nop,wscale 0>(DF)
03:36:13.077295 x.y.z.t.sa-msg-port > ns..domain: S1532033272:1532033272(0) win 5840 <mss 1460,sackOK,timestamp 25292352 0,nop,wscale 0> (DF)[tos 0x10]
03:36:13.077711 ns..domain > x.y.z.t.sa-msg-port: S1617471727:1617471727(0) ack 1532033273 win 5792 <mss 1460,sackOK,timestamp 1388205 25289352,nop,wscale 0>(DF)
03:36:13.328501 ns..domain > x.y.z.t.sa-msg-port: S1617471727:1617471727(0) ack 1532033273 win 5792 <mss 1460,sackOK,timestamp 1388231 25289352,nop,wscale 0>(DF)
This is the firewall log for the same connection:
Mar 21 03:41:23 ns kernel: DNS-IN:--log-ip-optionsIN=eth2 OUT= MAC=z.x.c.v.b.n SRC=x.y.z.t DST=<my DNS IP> LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=48210 DF PROTO=TCP SPT=1647 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A0186AC070000000001030300)
Mar 21 03:41:23 ns kernel: DNS-OUT:--log-ip-optionsIN= OUT=eth2 SRC=<my DNS IP> DST=x.y.z.t LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=53 DPT=1647 WINDOW=5792 RES=0x00 ACK SYN URGP=0 OPT (020405B40402080A0015A80B0186AC0701030300)
These are my options in named.conf:
options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    allow-query { 172.16.32.0/19; ISP 1-st DNS IP; ISP 2-nd DNS IP; x.y.z.t; 127.0.0.1; };
    allow-transfer { ISP 1-st DNS IP; ISP 2-nd DNS IP; 172.16.35.137; x.y.z.t; };
    transfer-source ISP 1-st DNS IP;
    notify-source ISP 1-st DNS IP;
    transfer-format many-answers;
    listen-on port 53 { external IP; 172.16.33.1; 127.0.0.1; };
};
where
-172.16.35.137 is my local computer, on which I tried to configure a slave zone to see if the zone transfer happens (it works)
-x.y.z.t is my IP located on the internet
This is the result of nmap started from my local workstation (172.16.35.137), when the DNS server had no firewall (/etc/init.d/iptables clear):
Port State Service
9/tcp open discard
13/tcp open daytime
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
37/tcp open time
53/tcp open domain
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
113/tcp open auth
199/tcp open smux
2401/tcp open cvspserver
This is the result of nmap started from the station situated on the internet (x.y.z.t), when the DNS server had no firewall (/etc/init.d/iptables clear):
Port State Service
9/tcp open discard
13/tcp open daytime
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
37/tcp open time
53/tcp filtered domain
67/tcp filtered dhcp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
113/tcp open auth
119/tcp filtered nntp
135/tcp filtered loc-srv
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
161/tcp filtered snmp
162/tcp filtered snmptrap
199/tcp open smux
445/tcp filtered microsoft-ds
2401/tcp open cvspserver
This is the result of nmap started from the station situated on the internet (x.y.z.t), when the DNS server had the firewall activated (but with "iptables -A INPUT -s x.y.z.t -j ACCEPT"):
Port State Service
9/tcp open discard
13/tcp open daytime
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
37/tcp open time
53/tcp filtered domain
67/tcp filtered dhcp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
113/tcp open auth
119/tcp filtered nntp
135/tcp filtered loc-srv
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
161/tcp filtered snmp
162/tcp filtered snmptrap
199/tcp open smux
411/tcp open rmt
445/tcp filtered microsoft-ds
1026/tcp filtered nterm
1030/tcp filtered iad1
2401/tcp open cvspserver
This is the result of nmap started from the station situated on the internet, when the DNS server had the firewall activated (but without "iptables -A INPUT -s x.y.z.t -j ACCEPT"):
Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
It can't scan my ports because I have a rule against it.
Next I tried to configure a DNS slave on x.y.z.t, and on the slave DNS logs I see this message:
Mar 21 03:57:26.590 zone my.zone/IN: refresh: failure trying master <my master dns IP>#53: timed out
There is no surprise for me since port 53 is not accessible.
Do I have to configure something special in my DNS options to have access to my port 53?
Please help, and 10x for your time.
george
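Reading the capture in the post the way a defender would: the server answers each SYN with a SYN-ACK (also visible as the DNS-OUT line in the firewall log), yet the client resends the same initial sequence number three seconds later, which points at the reply being lost on the return path rather than at the server. The script below is an added example, not code from the post or the ALE list; it parses lines in that old tcpdump format and labels each handshake. The function names and the sample trace are my own, constructed to match the shape of the quoted capture.

```python
import re
from collections import defaultdict

# One old-style tcpdump line as quoted in the post; "ack" appears only on the SYN-ACK.
# The post's copy lost the space after the "S" flag, so the pattern accepts "S1532033272" too.
PKT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"S ?(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))?"
)

def parse_syn_packets(trace):
    """Yield (ts, src, dst, seq, ack) for every SYN or SYN-ACK line; ack is None on a bare SYN."""
    for line in trace.splitlines():
        m = PKT_RE.match(line.strip())
        if m:
            ack = m.group("ack")
            yield (m.group("ts"), m.group("src"), m.group("dst"),
                   int(m.group("seq")), int(ack) if ack else None)

def diagnose_handshakes(trace):
    """Return {(client, server): verdict} saying how far each three-way handshake got."""
    syns = defaultdict(list)      # (client, server) -> every client ISN seen
    synacks = defaultdict(list)   # (client, server) -> every ack number the server sent
    for _ts, src, dst, seq, ack in parse_syn_packets(trace):
        if ack is None:
            syns[(src, dst)].append(seq)
        else:
            synacks[(dst, src)].append(ack)   # key by the client's side so the flows line up
    verdicts = {}
    for flow, isns in syns.items():
        retransmits = len(isns) - len(set(isns))   # same ISN again = client timed out waiting
        answered = any(a == isn + 1 for isn in set(isns) for a in synacks.get(flow, []))
        if not answered:
            verdicts[flow] = "no SYN-ACK: dropped before the server or nothing listening"
        elif retransmits:
            verdicts[flow] = "SYN-ACK sent but client kept retransmitting SYN: reply lost on the return path"
        else:
            verdicts[flow] = "SYN answered, no retransmit seen"
    return verdicts

# Constructed sample with the same shape as the capture in the post (not the original bytes).
SAMPLE_TRACE = """\
03:36:10.077870 x.y.z.t.sa-msg-port > ns..domain: S 1532033272:1532033272(0) win 5840 <mss 1460,sackOK,timestamp 25289352 0,nop,wscale 0> (DF) [tos 0x10]
03:36:10.078383 ns..domain > x.y.z.t.sa-msg-port: S 1617471727:1617471727(0) ack 1532033273 win 5792 <mss 1460,sackOK,timestamp 1387905 25289352,nop,wscale 0> (DF)
03:36:13.077295 x.y.z.t.sa-msg-port > ns..domain: S1532033272:1532033272(0) win 5840 <mss 1460,sackOK,timestamp 25292352 0,nop,wscale 0> (DF) [tos 0x10]
03:36:13.077711 ns..domain > x.y.z.t.sa-msg-port: S 1617471727:1617471727(0) ack 1532033273 win 5792 <mss 1460,sackOK,timestamp 1388205 25289352,nop,wscale 0> (DF)
"""
if __name__ == "__main__":
    for (client, server), verdict in diagnose_handshakes(SAMPLE_TRACE).items():
        print(f"{client} -> {server}: {verdict}")
```

Feed it `tcpdump -n` output taken on the server: a "reply lost on the return path" verdict means the next place to look is upstream of the server (ISP filtering or asymmetric routing), not the local rules.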
</pre>
</body>
</html>