[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Impenetrable firewall - SuSE 9.2



Hi Keith,
I didn't take a close look at your FW rules, but on first glance they look 
reasonable enough, except the thing about 
>FW_SERVICES_DMZ_TCP="http https 80"
As you don't have a DMZ interface no services can be present there.

But I did take a look on the DNS entries for your server, which you 
conveniently called server.asgard.org.nz) and found that there is no DNS 
entry for it.

wolfgang@wolfgang:~> host server.asgard.org.nz ns1.inspire.net.nz
Using domain server:
Name: ns1.inspire.net.nz
Address: 203.114.128.1#53
Aliases:

Host server.asgard.org.nz not found: 3(NXDOMAIN)

As you can see, your own nameserver doesn't know about your server, who could 
others?

HTH
regards from Vienna

Wolfgang

-- 
 -----------------------------------------------------
   Wolfgang Leithner           Pinguin-Systeme.at
   CEO/CTO  Systems and Security
   EMail: wolfgang.leithner@xxxxxxxxxxxxxxxxxx
   http://www.pinguin-systeme.at
 -----------------------------------------------------
   GPG Key Fingerprint:
   21FE FB64 BD83 8385 364A  E927 BB2F F331 84FD 12A9
 -----------------------------------------------------
 GPG Public Key can be found at:
 http://www.pinguin-systeme.at/privacy/wl.asc
 -----------------------------------------------------
 Registered Linux User # 388544
 To support the Cause of Linux and OpenSource please
 register at: http://counter.li.org
 -----------------------------------------------------
   Der Inhalt dieser Nachricht ist persoenlich und
   vertraulich und lediglich fuer die Verwendung durch
   den/die Adressaten bestimmt. Sollten Sie diese
   Nachricht irrtuemlich erhalten haben, infor-
   mieren Sie bitte postmaster@xxxxxxxxxxxxxxxxxxx

   This email and any files transmitted with it are
   confidential and intended solely for the use of the
   individual or entity to whom they are addressed. If
   you have received this email in error please notify
   postmaster@xxxxxxxxxxxxxxxxxx
 -----------------------------------------------------

Attachment: pgp3DTn0bILS8.pgp
Description: signature