Beginner's question on iptables firewalls...
Can you all help me set up a proper set of iptables rules to allow name service to run on my server?
I have:
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
-A INPUT -p tcp --sport 53 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --sport 1024:65535 -j ACCEPT
-A INPUT -p udp --dport 1024:65535 -j ACCEPT
FORWARD rules are set up the same as INPUT rules.
OUTPUT rules allow everything except telnet.
External hosts trying to access the name server (that is running on this host) can't get to it. If I turn off iptables (with /etc/rc.d/init.d/iptables stop), then name service works fine.
What am I missing?
Also, I'm wondering if I really need to open up the whole range of 1024-65535. I'm told that name service uses some random port in that range for a "reply" port, but it seems like asking a bit much to have to open up that whole range.
Thanks...
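As an added example (not the original poster's rules), this is the rule set I would use for a host that runs a name server: replies to the server's own outbound queries are admitted by connection tracking (ESTABLISHED), so the 1024:65535 ephemeral range stays closed. It assumes iptables with the conntrack match and iptables-restore; the management host 192.0.2.10 and the SSH rule are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: an INPUT chain for a host
# running a name server, using connection tracking so the 1024:65535
# ephemeral range never has to be opened. Assumes iptables/iptables-restore
# with the conntrack match; 192.0.2.10 is a placeholder admin address.
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# Print the rule set in iptables-restore format.
dns_input_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and already-tracked traffic. Replies to this host's own
# outbound DNS queries arrive as ESTABLISHED, whatever port they use.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# New queries to the name server: UDP and TCP port 53 (TCP is needed
# for large answers and zone transfers).
-A INPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 53 --syn -m conntrack --ctstate NEW -j ACCEPT
# Management access kept separate from the DNS rules (placeholder address).
-A INPUT -p tcp -s 192.0.2.10 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Log what is about to be dropped so a blocked service is diagnosable.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Load the rules atomically. "iptables-restore --test" checks the syntax
# without touching the running firewall; run without it to install.
apply_dns_rules() {
    dns_input_rules | "$IPT_RESTORE" "$@"
}

# Usage: apply_dns_rules --test   (validate only)
#        apply_dns_rules          (install)
```

Rules of the form `--sport 53 -j ACCEPT` admit any packet whose sender simply chose source port 53, whatever its destination port; the ESTABLISHED rule above makes them unnecessary.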