Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
H
H
Hidevs2016-05-14 11:23:10
Domain Name System
Hidevs, 2016-05-14 11:23:10

Setting up iptables?

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,53,80,443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp- type 0 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A OUTPUT -p icmp -j DROP
with this configuration, client machines do not see dns if you change P INPUT ACCEPT or manually register a dns server on the machine (8.8 .8.8) everything starts working.
tell me what to fix
ubuntu server 16.04
dnsmaq:
listen-address=127.0.0.1
listen-address=192.168.1.1
listen-address=192.168.0.1
dhcp-range=192.168.1.100,192.168.1.130,255.255.255.0,2h
dhcp-range= 192.168.0.100,192.168.0.130,255.255.255.0,2h
interfaces:
# The loopback network interface
auto lo enp3s2 enp3s1 enp2s0 dsl-provider
iface lo inet loopback
# LAN
iface enp3s1 inet static
Address 192.168.0.1
Network 192.168.0.0
Netmask 255.255.25.0 Broadcast
192.168.0.255
DNS-NameServers 8.8.8.8 8.8.4.4
# LAN 2
IFACE ENP3S2 INET STATIC ADDRESS
192.168.1.1
Network 192.168.1.0
Netmask 255.255.255.0 Broadcast
192.168.1.255
DNS nameservers 8.8.8.8 8.8.4.4
# WAN
iface enp2s0 inet manual
iface dsl-provider inet ppp
pre-up /bin/ip link set enp2s0 up # line maintained by pppoeconf
provider dsl-provider
pre-up iptables-restore < /etc/iptables .up.rules
iptables:
# Generated by iptables-save v1.6.0 on Thu May 12 08:59:40 2016
*filter
:INPUT DROP [54:4786]
:FORWARD ACCEPT [1146:1152945]
:OUTPUT ACCEPT [18:2656]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 22,25,53, 80,443 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp- type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A OUTPUT -p icmp -j DROP
COMMIT
# Completed on Thu May 12 08:59:40 2016
# Generated by iptables-save v1.6.0 on Thu May 12 08:59:40 2016
*mangle
:PREROUTING ACCEPT [22002418:14044695418 ]
:INPUT ACCEPT [750514:335244927]
:FORWARD ACCEPT [21247910:13704525614]
:OUTPUT ACCEPT [759521:72791753]
:POSTROUTING ACCEPT [22009789:13778175029]
-A FORWARD -ppc - -ppc0 SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Thu May 12 08:59:40 2016
# Generated by iptables-save v1.6.0 on Thu May 12 08:59:40 2016
*nat
:PREROUTING ACCEPT [131923:10567253]
:INPUT ACCEPT [21124:1982145]
:OUTPUT ACCEPT [7356:1012014]
:POSTROUTING ACCEPT [163516:13463108]
-A PREROUTING -d 46.146.235.212/32 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.1.101:8081
- A POSTROUTING -d 192.168.1.101/32 -p tcp -m tcp --dport 8081 -j SNAT --to-source 46.146.235.212
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Thu May 12 08:59: 40 2016

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
H
Hidevs, 2016-05-14
@Hidevs

this seems to have helped:
iptables -t nat -I PREROUTING 1 -i enp3s2 -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -I PREROUTING 1 -i enp3s2 -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -I PREROUTING 1 -i enp3s1 -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables - t nat -I PREROUTING 1 -i enp3s1 -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -I OUTPUT 1 -o ppp0 -p udp --dport 53 -j DNAT --to-destination 8.8.8.8:53
iptables -t nat -I OUTPUT 1 -o ppp0 -p tcp --dport 53 -j DNAT --to-destination 8.8.8.8:53

Report
A
Alexander, 2016-05-14
@NeiroNx

DNS works on UDP protocol on port 53, and you have it registered in TCP

Report
D
Denis Sechin, 2018-04-19
@tamogavk

It is necessary to allow passage through port 53 but udp

Similar questions
D
Dmitry Dobryshin2019-11-11 14:56:16
Why is DNS not working on Debian 10? 1Reply
E
EnZo_Smile2017-06-16 10:16:49
How to set up a redirect if you only have a domain name? 2Reply
T
Talyan2019-11-19 01:16:32
Are there ready-made linux utilities for working with bind? 3Reply
D
Danil Andreev2017-06-20 21:58:31
How does dns work? 4Reply
P
portezanen2015-07-15 12:38:14
How to make the transition from a subdomain to an intranet site? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question