l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2001 Dec 30 17:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Firewall question... nslookup
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Firewall question... nslookup

I get www.jeffmcnurlin.com on nslookup, and netcraft.com
(running Apache 1.3.19/Unix-Linux on DSL) at:

Brian S.

Doug Barbieri wrote:

> Thanks Henry for getting back to me. I implemented a change similar to
> yours, but I still notice that if I try to access the domain in question
> (www.jeffmcnurlin.com) from inside my work's firewall, those UDP requests
> are DENYed, because for some reason my site is being contacted via ports
> numbered *below* 1024. It seems that those are the only DENYed packets
> that I notice in my messages log for port 53.
> My question is this: is this just a broken NT nslookup thing, or should I
> expect other sites to attempt to connect to me from ports > 1024 to my
> port 53?
> BTW: Could anyone else please see if you can do an nslookup on
> www.jeffmcnurlin.com? I just want to know that it can be resolved from as
> many other sites as possible. This domain belongs to my brother-in-law and
> he has his resume and portfolio posted, so I want to make sure that
> recruiters can access his site.
> R. Douglas Barbieri
> doug@dooglio.net
> http://www.dooglio.net
> "There is no case...there never was! It's all just a joke, a big joke!"
> --Former Inspector Wollenski
> On Tue, 3 Jul 2001, Henry House wrote:
> > On Tue, Jul 03, 2001 at 10:09:10PM -0700, Doug Barbieri wrote:
> > [snip]
> > for server in $NS_SERVERS; do
> >       ipchains -A output -i $IFACE_INET -p tcp  \
> >               -s $ME 1024:65535 \
> >               -d $server domain -j ACCEPT
> >       ipchains -A input  -i $IFACE_INET -p tcp  \
> >               -s $server domain \
> >               -d $ME 1024:65535 -j ACCEPT
> >       ipchains -A output -i $IFACE_INET -p udp  \
> >               -s $ME 1024:65535 \
> >               -d $server domain -j ACCEPT
> >       ipchains -A input  -i $IFACE_INET -p udp  \
> >               -s $server domain \
> >               -d $ME 1024:65535 -j ACCEPT

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.