iptables & DNS

I'm having a problem getting iptables up and running. I'd like to only allow traffic on ports that we are using, and explicitly deny traffic on any other ports. I've written a script to do this

Code:
#!/bin/sh
IPTABLES="/sbin/iptables"

#Flush everything, start from scratch
$IPTABLES -F

#Set default policies to DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP

#Set default OUTPUT policy to ACCEPT
$IPTABLES -P OUTPUT ACCEPT

# Open ports for server/services
# FTP data/control, SSH
$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
# SMTP, time, whois
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 37 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 43 -j ACCEPT
# DNS (queries *to* this server's nameserver)
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
# HTTP, POP3, ident/auth, IMAP, HTTPS
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 113 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
# SMTPS, rsync
$IPTABLES -A INPUT -p tcp --dport 465 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 465 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 873 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 873 -j ACCEPT
# IMAPS, POP3S
$IPTABLES -A INPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 995 -j ACCEPT
# cPanel (2082/2083), WHM (2086/2087), cPanel licensing (2089)
$IPTABLES -A INPUT -p tcp --dport 2082 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2083 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2086 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2087 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 2089 -j ACCEPT

I'm using this on a Red Hat 7.3 machine, running cPanel / WHM (latest stable build) with iptables v1.2.8.

The problem is that after invoking that script, DNS traffic dies. rDNS is immediately slow, taking 30 seconds or more. For instance, with that invoked, getting to an ftp login prompt, just to the username, takes about 30 seconds. With iptables flushed, ftp connects almost instantly.

Has anyone ever run into this before? If so, did you solve it, and would you be willing to share how you did?
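An added example, not the original poster's script: the ruleset above has no rule that accepts return traffic for connections the server itself opens. A DNS query that sshd, ftpd or the cPanel tools send to a resolver leaves from an ephemeral port and the answer comes back from port 53 to that ephemeral port, so the `--dport 53` rules never match it and the INPUT DROP policy discards it; the 30-second wait before the ftp username prompt is the resolver timeout on the reverse lookup. The script below keeps the same service list but accepts loopback and connection-tracked replies first (the `-m state` match, which on a 2.4 kernel with iptables 1.2.8 needs the ip_conntrack and ipt_state modules), and ends with a rate-limited LOG rule so anything that still gets dropped shows up in /var/log/messages. The `IPTABLES` variable can be overridden with `echo` to print the rules without root; that dry-run switch and the `build_rules` function name are this example's own, not part of iptables.

```shell
#!/bin/sh
# Added example: stateful version of the posted ruleset. Assumptions are
# noted inline; nothing here is taken from the original poster's script
# beyond the list of published ports.
IPTABLES="${IPTABLES:-/sbin/iptables}"

# Ports published by this host (the poster's list, unchanged).
TCP_PORTS="20 21 22 25 37 43 53 80 110 113 143 443 465 873 993 995 2082 2083 2086 2087 2089"
UDP_PORTS="53"

build_rules() {
    # Start from scratch, default-deny inbound and forwarded traffic.
    $IPTABLES -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # 1. Loopback: the local resolver, cPanel internals, anything on 127.0.0.1.
    $IPTABLES -A INPUT -i lo -j ACCEPT

    # 2. Replies to connections this host initiated: DNS answers from the
    #    resolver to our ephemeral port, rDNS lookups, outbound SMTP, etc.
    #    This is the rule the posted script is missing. It must come before
    #    the per-port rules so replies are matched by connection state,
    #    not by destination port. (Assumes ip_conntrack/ipt_state are loaded.)
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. New inbound connections to the published services only.
    for p in $TCP_PORTS; do
        $IPTABLES -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $UDP_PORTS; do
        $IPTABLES -A INPUT -p udp --dport "$p" -j ACCEPT
    done

    # 4. Log what the DROP policy is about to discard, rate-limited so a
    #    scan cannot fill the log. Check /var/log/messages for this prefix
    #    when something "dies" after loading the rules.
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
}

if [ "$(id -u)" -eq 0 ]; then
    build_rules
else
    # Dry run: print the rules that would be applied instead of loading them.
    echo "not root: printing rules instead of applying them" >&2
    ( IPTABLES=echo; build_rules )
fi
```

After loading the rules for real, `iptables -L INPUT -n -v` shows per-rule packet counters; if the ESTABLISHED,RELATED counter stays at zero while the LOG lines keep appearing, connection tracking is not loaded and `modprobe ip_conntrack` (and `ip_conntrack_ftp` for active-mode FTP data connections) is the next thing to check.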
