Re: iptables is blocking rndc

tpfraz
Advisor

iptables is blocking rndc

Hi,
I'm having some problems configuring iptables on my name server.
I have bind 9.2.1 on RedHat 8 with iptables 1.2.6a.

I recently tried to configure iptables to allow only ssh and bind to come through on the INPUT. I have destination port 22 and 53 open on both tcp and udp. I also have tcp port 953 open for rndc.
I then have the default policy for INPUT set to DROP.
I have no rules set in either OUTPUT or FORWARD and they both have a default policy of ACCEPT.

When I try to use rndc, it tries to connect but then times out after a while.
If I change the default policy of INPUT to ACCEPT then everything works fine.

Is there something I am missing? Is there another port I need to open?
rndc and bind are of course on the same machine.

Also, when I have these settings in iptables and I try to ssh to the machine, it takes about 10 seconds before the login banner appears on screen.
But again if I set default policy for INPUT to ACCEPT, then all is well again...

Any ideas?
Thanks in advance...

-Travis
Khalid A. Al-Tayaran
Valued Contributor

Re: iptables is blocking rndc
Hi,

did you try: ntsysv ??
U.SivaKumar_2
Honored Contributor

Re: iptables is blocking rndc

Hi,

It seems that you have given the iptables -A INPUT accept rule for rndc after you gave iptables default DROP rule.

Order is important.

Flush iptables input rules and give all the accept rules one by one ( iptables -A INPUT ) and at last the default DROP rule.

Also check whether rndc is running or not and if running confirm the exact port.

#lsof -i | grep rndc

regards,
U.SivaKumar
Innovations are made when conventions are broken
tpfraz
Advisor

Re: iptables is blocking rndc

I added the default DROP policy last,
and I added it as a policy and not a normal rule.

iptables -P INPUT DROP

I don't think order matters as far as policies are concerned.

-Travis
Avinoam
Frequent Advisor
Solution

Re: iptables is blocking rndc

You should also add a rule to your INPUT chain to enable established sessions back to you:
Add the following rules as your first rules in the INPUT chain

iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT


This one should do the trick; all the already established and related sessions will be able to continue the communication with your PC.
Sababa
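Added example, not from the thread or from the posters. The accepted answer works because of something the thread never spells out: with an INPUT policy of DROP and only destination-port ACCEPT rules, the replies to connections this host itself opens are dropped. rndc connects to 127.0.0.1:953, and the SYN/ACK comes back over loopback (which still traverses INPUT) from source port 953 to an ephemeral destination port; likewise, sshd's reverse-DNS lookup for the connecting client sends a query to port 53 and the answer arrives from port 53 to an ephemeral port, whether it comes from the local bind or from an upstream server, so the login hangs until the lookup times out. A stateful ESTABLISHED,RELATED rule accepts exactly those return packets. The script below builds a complete ruleset in iptables-restore(8) format that combines U.SivaKumar's point about ordering (ACCEPT rules first, DROP as the chain policy) with Avinoam's state rule, and includes a checker that the state rule is first. The port numbers are the ones from the thread; restricting rndc to a 127.0.0.1 source and the `build_ruleset`/`state_rule_first`/`rules_for_port` function names are my assumptions, not anything the posters wrote.

```shell
#!/bin/sh
# Added example (not the thread's own commands): emit an iptables ruleset
# in iptables-restore(8) format that reproduces the fix from the thread,
# plus small checks on the generated text. Nothing here touches the live
# firewall; load the output as root with:  iptables-restore < ruleset.txt

# Ports taken from the thread: ssh 22, DNS 53 (tcp and udp), rndc 953 tcp.
SSH_PORT=22
DNS_PORT=53
RNDC_PORT=953

# Print a complete filter table. The default policy for INPUT is DROP, as
# the original poster had it; ACCEPT rules are listed before anything else,
# and the stateful rule is the very first INPUT rule.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Return traffic for connections this host opened (rndc -> 127.0.0.1:953,
# DNS lookups made by sshd or by bind itself) and replies to accepted ones.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inbound services from the thread. NEW limits these rules to handshakes;
# everything after the handshake is covered by the state rule above.
-A INPUT -p tcp --dport ${SSH_PORT} -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport ${DNS_PORT} -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport ${DNS_PORT} -j ACCEPT
# rndc control channel: only from the local host (assumption, a tightening
# of the thread's open port 953).
-A INPUT -s 127.0.0.1 -p tcp --dport ${RNDC_PORT} -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Return 0 when the first INPUT rule is the ESTABLISHED,RELATED accept.
# Order matters for rules (not for the -P policy, which is the chain's
# fallback after every rule has been tried).
state_rule_first() {
    first=$(build_ruleset | grep '^-A INPUT' | head -n 1)
    case "$first" in
        *ESTABLISHED,RELATED*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print how many INPUT rules open a given destination port (tcp + udp).
rules_for_port() {
    build_ruleset | grep -c -- "--dport $1 "
}

# Stand-alone use: print the ruleset for review or for iptables-restore.
if [ "${1:-}" = "--print" ]; then
    build_ruleset
fi
```

Run it with `--print` and redirect the output to a file, then load it with `iptables-restore` as root. Avinoam's post uses `-A`, which appends, so on the original poster's box the state rule landed after the port rules; that still worked because no explicit DROP rule preceded it, but generating the whole table at once removes the dependence on what was already loaded.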
tpfraz
Advisor

Re: iptables is blocking rndc

Avinoam,
Thank you, a perfect fix...
Those rules fixed both the rndc not working and the ssh login taking a long time.
Thanks again.

-Travis
Avinoam
Frequent Advisor

Re: iptables is blocking rndc

happy to hear that it helped :-)
Sababa