Firewall still blocking port 53 despite listing otherwise?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Tom on Server Fault See other posts from Server Fault or by Tom
Published on 2011-02-24T20:55:02Z Indexed on 2011/02/24 23:27 UTC
Read the original article Hit count: 236

Filed under:
|
|

I have 3 nodes with virtually the same iptables rules loaded from a bash script, but one particular node is blocking traffic on port 53 despite listing it's accepting it:

$ iptables --list -v

Chain INPUT (policy DROP 8886 packets, 657K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere            
    2   122 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request 
20738 5600K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  eth1   any     anywhere             node1.com multiport dports http,smtp 
    0     0 ACCEPT     udp  --  eth1   any     anywhere             ns.node1.com udp dpt:domain 
    0     0 ACCEPT     tcp  --  eth1   any     anywhere             ns.node1.com tcp dpt:domain 
    0     0 ACCEPT     all  --  eth0   any     node2.backend        anywhere            
   21  1260 ACCEPT     all  --  eth0   any     node3.backend        anywhere            
    0     0 ACCEPT     all  --  eth0   any     node4.backend        anywhere            

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 15804 packets, 26M bytes)
 pkts bytes target     prot opt in     out     source               destination

nmap -sV -p 53 ns.node1.com // From remote server

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-02-24 11:44 EST
Interesting ports on ns.node1.com (1.2.3.4):
PORT   STATE    SERVICE VERSION
53/tcp filtered domain

Nmap finished: 1 IP address (1 host up) scanned in 0.336 seconds

Any ideas?

Thanks

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about dns

Related posts about firewall

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle