Iptables not blocking UDP port 53
On Fri, Jul 11, 2008 at 7:03 PM, Johnny Hughes <email@example.com> wrote:
> Sean Carolan wrote:
>> I'm attempting to block access to port 53 from internet hosts for an
>> internal server. This device is behind a gateway router so all
>> traffic appears to come from source ip 10.100.1.1. Here are my
>> (non-working) iptables rules:
> If it is behind a gateway router, how is port 53 traffic getting from the
> internet to that DNS server in the first place.
> Also ... IF you are PORT FORWARDING port 53 from the internet to the DNS
> server, then the SOURCE IP will not be the IP of the forwarding device, but
> the IP of the machine making the request.
> If this device is really behind a firewall why are you even forwarding any
> traffic to it from port 53 in the first palce?
> CentOS mailing list
Assuming a SOHO LinkSys firewall preferably with dd-wrt alternative firmware.
Are you sure this DNS Server is not in the DMZ?
Are you sure the port isn't opened under the UPnP section? It is
conceivable that mDNS / AVAHI with a UPnP router automatically open
this port on the firewall.
CentOS mailing list