日期:2014-05-16  浏览次数:20817 次

关于IPTABLES中打开80,53端口后DNS依旧无法解析的问题.
各位,我的IPTABLES配置如下,因为是初学,难免有错误,但是,不知道哪里出错造成只能PING外网的IP,域名却无法PING通,如果有其他错误,请指出来,谢谢!!
:INPUT DROP [4118:319422]
# Generated by iptables-save v1.3.5 on Sat Apr 11 12:52:21 2009
*filter
:INPUT DROP [4118:319422]
*filter
:INPUT DROP [4118:319422]
:FORWARD DROP [0:0]
:OUTPUT DROP [95:6080]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30001:31000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 221.4.151.1 -p tcp -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 139 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 445 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 21 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 30001:31000 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT
COMMIT
# Completed on Sat Apr 11 12:52:21 2009
# Generated by iptables-save v1.3.5 on Sat Apr 11 12:52:21 2009
*nat
:PREROUTING ACCEPT [4120:319566]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [97:6476]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE

另外,如果有高手知道答案,烦劳写的详细些,最好把详细的配置写出来,谢谢!!

------解决方案--------------------
貌似配置的不对啊...
建议楼主看看《linux防火墙》第3版吧...
英文的《linux firewall》3rd,网上到处都有...
------解决方案--------------------
http://www.kuqin.com/article/38proxy/504537.html

这里参考下配置吧
------解决方案--------------------
up............