[Unbound-users] Unbound and firewall
Ricardo Fraile
rfrail3 at yahoo.es
Thu Nov 29 15:59:49 UTC 2012
I think that Unbound opens an arbitrary UDP port; how can I fix it to always use the same port?
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:53 0.0.0.0:* 1152/unbound
udp 0 0 0.0.0.0:17790 0.0.0.0:* 1152/unbound
thanks,
________________________________
From: Ricardo Fraile <rfrail3 at yahoo.es>
To: "unbound-users at unbound.net" <unbound-users at unbound.net>
Sent: Thursday, 29 November 2012 16:43
Subject: Unbound and firewall
Hello,
I am trying to run iptables on the same server as Unbound, but I can't do a local resolve:
dig terra.es @127.0.0.1
; <<>> DiG 9.7.3 <<>> terra.es @127.0.0.1
;; global options: +cmd
;; connection timed out; no servers could be reached
with these iptables rules:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2271:2106405]
-A INPUT -s 30.0.0.0/8 -p tcp -j ACCEPT
-A INPUT -s 30.0.0.0/8 -p udp -j ACCEPT
-A INPUT -s 30.0.0.0/8 -p icmp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p udp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j DROP
COMMIT
If I clear the firewall, everything works, but why? Which ports does Unbound use for the queries?
Thanks,
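Added example, not part of the original post or of Unbound: a small Python model of the INPUT chain above, showing that the local dig query is accepted while the UDP answer from an upstream server to Unbound's outgoing port falls through to the final DROP, because the RELATED,ESTABLISHED rule is limited to TCP. Assumptions: port 17790 from the netstat output is an outgoing query socket, 192.0.2.53 is a constructed upstream address, and the fix modelled is `-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT` placed before the DROP rule.

```python
import ipaddress

# INPUT chain from the post as (source, proto, needs_established, dport);
# None means "any". The trailing "-A INPUT -j DROP" is the fall-through.
POSTED_RULES = [
    ("30.0.0.0/8", "tcp", False, None),
    ("30.0.0.0/8", "udp", False, None),
    ("30.0.0.0/8", "icmp", False, None),
    ("127.0.0.1/32", "udp", False, None),
    ("127.0.0.1/32", "tcp", False, None),
    (None, "tcp", True, None),   # -m state --state RELATED,ESTABLISHED (TCP only)
    (None, "tcp", False, 53),
    (None, "udp", False, 53),
]
# Assumed fix (not from the thread): also accept tracked UDP replies.
# In a real ruleset this rule must sit before the final DROP.
FIXED_RULES = POSTED_RULES + [(None, "udp", True, None)]


def verdict(rules, src, proto, dport, established=False):
    """Return 'ACCEPT' if any rule matches the packet, else the trailing 'DROP'."""
    for r_src, r_proto, r_est, r_dport in rules:
        if r_proto != proto:
            continue
        if r_src and ipaddress.ip_address(src) not in ipaddress.ip_network(r_src):
            continue
        if r_est and not established:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return "ACCEPT"
    return "DROP"


# Constructed packets. The reply is "established" from conntrack's point of
# view because Unbound sent the matching query from port 17790 first.
DIG_QUERY = dict(src="127.0.0.1", proto="udp", dport=53)
UPSTREAM_REPLY = dict(src="192.0.2.53", proto="udp", dport=17790, established=True)
UNSOLICITED = dict(src="192.0.2.53", proto="udp", dport=17790, established=False)

if __name__ == "__main__":
    for name, rules in (("posted", POSTED_RULES), ("fixed", FIXED_RULES)):
        print(name,
              "| dig query:", verdict(rules, **DIG_QUERY),
              "| upstream reply:", verdict(rules, **UPSTREAM_REPLY),
              "| unsolicited UDP:", verdict(rules, **UNSOLICITED))
```

With the stateful UDP rule the outgoing port does not need to be fixed: only replies to queries Unbound itself sent are accepted, and unsolicited UDP to the same port is still dropped.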