02-01-2012, 07:14 AM
Shane Bywater

Yet another "I can't open port 53 for Bind DNS"

Hi,
It's just past 3am and for the past 6 hours I've been
configuring a secondary name server to replace one that just crashed.
My problem appears to be that port 53 is not open for some reason on my
server even though I have this:

[root@tribe etc]# netstat -an | grep ":53 "
tcp 0 0 205.211.154.3:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
udp 0 0 205.211.154.3:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 205.211.154.3:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 205.211.154.3:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 205.211.154.3:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 205.211.154.3:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 205.211.154.3:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*

But with a test from http://www.yougetsignal.com/tools/open-ports/ it says port 53 is closed.

I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2

I'm not using iptables (well I didn't configure any)

[root@tribe log]# iptables --line-numbers -n -L
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Currently this server is not behind any type of firewall.

Can someone suggest something I have forgotten?

TIA,
Shane
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
02-01-2012, 08:01 AM
Ken Smith

Yet another "I can't open port 53 for Bind DNS"

Shane Bywater wrote:
> Hi,
> It's just past 3am and for the past 6 hours I've been
> configuring a secondary name server to replace one that just crashed.
> My problem appears to be that port 53 is not open for some reason on my
> server even though I have this:
>
> [root@tribe etc]# netstat -an | grep ":53 "
> tcp 0 0 205.211.154.3:53
> 0.0.0.0:* LISTEN
> tcp 0 0 127.0.0.1:53
> 0.0.0.0:* LISTEN
> udp 0 0 205.211.154.3:53 0.0.0.0:*
>

> {snip}
>
> But with a test from
> http://www.yougetsignal.com/tools/open-ports/
> it says port 53 is closed.
>
> I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
>
> I'm not using iptables (well I didn't configure any)
>
{snip}


> 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0
> reject-with icmp-host-prohibited
>
>
{snip}
> Can someone suggest something I have forgotten?
>
> TIA,
> Shane
>
I think iptables rule 5 is stopping DNS.

I can 'see' your ICMP (ping) and SSH are open from here.

I've not used Centos 6 in production yet but try entering:-

iptables -I INPUT 4 -p udp --dport 53 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -I INPUT 4 -p tcp --dport 53 -m state --state
NEW,ESTABLISHED,RELATED -j ACCEPT

Hopefully that will fix it.

YMMV

Ken

 
02-01-2012, 08:05 AM
Ken Smith

Yet another "I can't open port 53 for Bind DNS"

Ken Smith wrote:
> Shane Bywater wrote:
>
>> Hi,
>> It's just past 3am and for the past 6 hours I've been
>>
>>
>
> iptables -I INPUT 4 -p udp --dport 53 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables -I INPUT 4 -p tcp --dport 53 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
>
> Ken
>
>

Obviously those commands are all on one line, so the '--state' is followed by 'NEW,' and not line wrapped as in this e-mail.

:-) Ken


 
02-01-2012, 11:12 AM
Dennis Jacobfeuerborn

Yet another "I can't open port 53 for Bind DNS"

On 02/01/2012 10:01 AM, Ken Smith wrote:
> Shane Bywater wrote:
>> Hi,
>> It's just past 3am and for the past 6 hours I've been
>> configuring a secondary name server to replace one that just crashed.
>> My problem appears to be that port 53 is not open for some reason on my
>> server even though I have this:
>>
>> [root@tribe etc]# netstat -an | grep ":53 "
>> tcp 0 0 205.211.154.3:53
>> 0.0.0.0:* LISTEN
>> tcp 0 0 127.0.0.1:53
>> 0.0.0.0:* LISTEN
>> udp 0 0 205.211.154.3:53 0.0.0.0:*
>>
>
>> {snip}
>>
>> But with a test from
>> http://www.yougetsignal.com/tools/open-ports/
>> it says port 53 is closed.
>>
>> I'm using CentOS 6.0 and BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
>>
>> I'm not using iptables (well I didn't configure any)
>>
> {snip}
>
>
>> 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0
>> reject-with icmp-host-prohibited
>>
>>
> {snip}
>> Can someone suggest something I have forgotten?
>>
>> TIA,
>> Shane
>>
> I think iptables rule 5 is stopping DNS.
>
> I can 'see' your ICMP (ping) and SSH are open from here.
>
> I've not used Centos 6 in production yet but try entering:-
>
> iptables -I INPUT 4 -p udp --dport 53 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> iptables -I INPUT 4 -p tcp --dport 53 -m state --state
> NEW,ESTABLISHED,RELATED -j ACCEPT

You only want "--state NEW". The related/established bit is handled by rule
1 in the INPUT chain.

Regards,
Dennis

 
02-02-2012, 02:31 AM
Gordon Messmer

Yet another "I can't open port 53 for Bind DNS"

On 02/01/2012 12:14 AM, Shane Bywater wrote:
> I'm not using iptables (well I didn't configure any)
>
> [root@tribe log]# iptables --line-numbers -n -L
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
> 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> RELATED,ESTABLISHED

You should figure out who/what did, then. Those rules don't look like
they were created by Red Hat's tools (where you'd see RH-Firewall...),
and won't be present by default. Something created rules and the rules
don't allow access to TCP or UDP 53 (you need both).

For now, just flush the rules: iptables -F INPUT

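Pulling the three replies together (insert ahead of the catch-all REJECT, allow both UDP and TCP 53, and use --state NEW only because rule 1 already covers RELATED,ESTABLISHED), here is an added example that was not posted by anyone in the thread: it reads the text of 'iptables --line-numbers -n -L INPUT', locates the REJECT rule instead of hard-coding position 4, skips any protocol already allowed ahead of it, and prints the insert commands without running them. The listing it parses is a constructed copy of the one in the original post, so it runs anywhere with sh and awk and touches no live firewall.

```shell
# Added example, not posted by anyone in the thread. Parses the text of
# "iptables --line-numbers -n -L INPUT" and prints the insert commands the
# replies converge on: placed ahead of the catch-all REJECT, for both udp
# and tcp 53, with --state NEW only (rule 1 already accepts RELATED,ESTABLISHED).

# Constructed copy of the INPUT chain from the original post. Rule 3 only
# looks like accept-all because -L without -v hides the interface match
# (in the stock CentOS 6 ruleset it is the "-i lo" loopback rule).
SAMPLE_INPUT_CHAIN='Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'

# Rule number of the first REJECT/DROP rule in the listing, 0 if there is none.
first_reject_rule() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") { print $1; found = 1; exit }
        END { if (!found) print 0 }'
}

# Succeeds if an ACCEPT rule for proto $2 with dpt:53 is numbered below $3
# (0 = no limit): a rule appended after the catch-all REJECT never fires.
port53_allowed() {
    printf '%s\n' "$1" | awk -v proto="$2" -v limit="$3" '
        $1 ~ /^[0-9]+$/ && $2 == "ACCEPT" && $3 == proto && (limit == 0 || $1 + 0 < limit + 0) {
            for (i = 4; i <= NF; i++) if ($i == "dpt:53") { found = 1; exit }
        }
        END { exit !found }'
}

# Print (do not run) one insert per protocol still missing, at the REJECT
# rule's position so it lands ahead of it; append if there is no REJECT.
dns_fix_commands() {
    chain="$1"
    pos=$(first_reject_rule "$chain")
    for proto in udp tcp; do
        port53_allowed "$chain" "$proto" "$pos" && continue
        if [ "$pos" -gt 0 ]; then
            echo "iptables -I INPUT $pos -p $proto --dport 53 -m state --state NEW -j ACCEPT"
        else
            echo "iptables -A INPUT -p $proto --dport 53 -m state --state NEW -j ACCEPT"
        fi
    done
}

# Dry run on the sample; on the server feed "$(iptables --line-numbers -n -L INPUT)".
dns_fix_commands "$SAMPLE_INPUT_CHAIN"
```

After applying the printed rules on a real box, re-run the listing and confirm both ACCEPT lines for dpt:53 carry a lower number than the REJECT, and save with service iptables save so they survive a reboot.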