RE: [suse-security] SuSE firewall2 configuration for zone transfer
From: M. Edwin (edwin nsi.co.id)
Date: Fri Jul 25 2003 - 02:11:01 CDT
Dear all,
The problem is already solved. I checked the firewall log again, and I found
that something went wrong. The server rejected the packets from our
secondary DNS server from port 53 (source=53 and several destinations on
high ports). I don't know why this happened. I'm sure that I already opened
TCP and UDP 53. I restarted the firewall2 and named services but this
problem still happened. So I decided to reboot the server. After the reboot,
everything went back to normal, and the zone transfer is running automatically,
even though both UDP and TCP high-port packets are not allowed in the firewall
configuration.
Thanks for all your help and suggestions.
Kind Regards,
M. Edwin
-----Original Message-----
From: Kringstad, Trond [mailto:trond.kringstad software-innovation.com]
Sent: Thursday, July 24, 2003 5:34 PM
To: Moh Edwin
Subject: RE: [suse-security] SuSE firewall2 configuration for zone transfer
Have you checked your logs? I'm using bind9 with zone transfer of
28 zones. The only ports opened in the firewall are UDP/TCP 53 inbound.
Trond
-----Original Message-----
From: M. Edwin [mailto:edwin nsi.co.id]
Sent: 24. juli 2003 04:58
To: 'Knut Erik Hauslo'
Cc: suse-security suse.com
Subject: RE: [suse-security] SuSE firewall2 configuration for zone transfer
Hi,
I opened all high ports, but the zone still cannot transfer.
I used Bind9 and my named.conf is very standard, and I put the
allow-transfer in the global options. Do you have any other suggestions?
Kind Regards,
M. Edwin
-----Original Message-----
From: Knut Erik Hauslo [mailto:KNUTH voelcker.com]
Sent: Wednesday, July 23, 2003 3:48 PM
To: Moh Edwin
Cc: suse-security suse.com
Subject: RE: [suse-security] SuSE firewall2 configuration for zone transfer
Correct, you need to open Highports_TCP too. However, I did encounter
some problems when using FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data" so I
changed ftp-data to yes.
Cheers,
Knut Erik
-----Original Message-----
From: M. Edwin [mailto:edwin nsi.co.id]
Sent: Wednesday, July 23, 2003 9:10 AM
To: Knut Erik Hauslo
Cc: suse-security suse.com
Subject: RE: [suse-security] SuSE firewall2 configuration for zone transfer
It means I also have to open highport TCP and TCP 53, right?
My current firewall setting for TCP high port is
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
regards,
Edwin
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help suse.com
Security-related bug reports go to security suse.de, not here
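
Added example, not part of the original thread or of SuSEfirewall2 itself: a small audit of a SuSEfirewall2-style sysconfig file for the two settings the thread settles on, port 53 open on both TCP and UDP and no blanket high-port opening. `FW_SERVICES_EXT_TCP`, `FW_SERVICES_EXT_UDP` and `FW_ALLOW_INCOMING_HIGHPORTS_UDP` are not quoted in the thread and are assumed here from SuSEfirewall2's config file; the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a SuSEfirewall2-style sysconfig
# file: port 53 must be open on TCP and UDP, and high ports must not be
# opened wholesale. Variable names other than FW_ALLOW_INCOMING_HIGHPORTS_TCP
# are assumptions taken from SuSEfirewall2's config, not from the thread.

# Print the value of NAME from FILE (last assignment wins, quotes stripped).
get_var() {
    sed -n 's/^[[:space:]]*'"$2"'="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if the space-separated service list contains DNS (53 or "domain").
has_dns() {
    for svc in $1; do
        case "$svc" in 53|domain) return 0 ;; esac
    done
    return 1
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_dns_fw() {
    cfg=$1; rc=0
    for proto in TCP UDP; do
        if ! has_dns "$(get_var "$cfg" "FW_SERVICES_EXT_$proto")"; then
            echo "MISSING: $proto 53 not listed in FW_SERVICES_EXT_$proto"; rc=1
        fi
        if [ "$(get_var "$cfg" "FW_ALLOW_INCOMING_HIGHPORTS_$proto")" = "yes" ]; then
            echo "BROAD: FW_ALLOW_INCOMING_HIGHPORTS_$proto=yes opens every high port"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: TCP 53 open, UDP 53 forgotten, TCP high ports set to "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
FW_SERVICES_EXT_TCP="53 ssh"
FW_SERVICES_EXT_UDP=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
EOF
audit_dns_fw "$sample" || true
```

Run it against a copy of the live config file; a clean result with transfers still failing points at stale runtime state rather than the configuration, which matches what the reboot resolved in the thread.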