
dns-operations - Re: [opennic-dns-operations] Planned .OZ outage

dns-operations AT lists.opennicproject.org

Subject: Dns-operations mailing list

  • From: Kevin Holly <opennic AT lists.dedilink.eu>
  • To: dns-operations AT lists.opennicproject.org
  • Subject: Re: [opennic-dns-operations] Planned .OZ outage
  • Date: Thu, 16 Jan 2014 06:37:50 +0100

And what happens when you add the iptables rules to this server? Are
there any errors/warnings/etc. printed out by iptables? Add the rules
and then run the commands from my previous mail again.

On 01/16/2014 05:49 AM, Hospedaje Web y Servidores Dedicados wrote:
> root@amsterdam003:~# iptables -nvxL
> Chain INPUT (policy ACCEPT 79641 packets, 8999008 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 92625 packets, 12355923 bytes)
> pkts bytes target prot opt in out source destination
> root@amsterdam003:~# iptables -nvxL -t nat
> Chain PREROUTING (policy ACCEPT 17758 packets, 962377 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 6583 packets, 483183 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 6583 packets, 483183 bytes)
> pkts bytes target prot opt in out source destination
> root@amsterdam003:~# iptables -nvxL -t mangle
> Chain PREROUTING (policy ACCEPT 79649 packets, 8999568 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain INPUT (policy ACCEPT 79649 packets, 8999568 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 92629 packets, 12357299 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 92629 packets, 12357299 bytes)
> pkts bytes target prot opt in out source destination
> root@amsterdam003:~# ip6tables -nvxL
> Chain INPUT (policy ACCEPT 42316 packets, 63374851 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 3404 packets, 259605 bytes)
> pkts bytes target prot opt in out source destination
> root@amsterdam003:~# ip6tables -nvxL -t nat
> WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
> FATAL: Module ip6_tables not found.
> ip6tables v1.4.8: can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
> Perhaps ip6tables or your kernel needs to be upgraded.
> root@amsterdam003:~# ip6tables -nvxL -t mangle
> Chain PREROUTING (policy ACCEPT 42316 packets, 63374851 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain INPUT (policy ACCEPT 42316 packets, 63374851 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT (policy ACCEPT 3404 packets, 259605 bytes)
> pkts bytes target prot opt in out source destination
>
> Chain POSTROUTING (policy ACCEPT 3404 packets, 259605 bytes)
> pkts bytes target prot opt in out source destination
> root@amsterdam003:~#
>
>
>
> Ing. Alejandro M.
> Hospedaje Web y Servidores Dedicados
> http://www.dedicados.com.mx
> ------
> email / msn: ventas AT dedicados.com.mx
> skype: dedicados
> ------
>
> On 15/01/2014 10:38 p.m., Kevin Holly wrote:
>> What does
>>
>> iptables -nvxL
>> iptables -nvxL -t nat
>> iptables -nvxL -t mangle
>> ip6tables -nvxL
>> ip6tables -nvxL -t nat
>> ip6tables -nvxL -t mangle
>>
>> say?
>>
>> On 01/16/2014 04:00 AM, Ing. Alejandro Marquez wrote:
>>> Tried many times and it doesn't work
>>>
>>> Maybe you can take a look inside the server
>>>
>>> Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
>>>
>>> Are you getting any errors when you try to use the iptables rules? I run
>>> Debian wheezy here, so the listed rules should work just fine for you.
>>>
>>> On 01/12/2014 10:44 PM, Hospedaje Web y Servidores Dedicados wrote:
>>>
>>> Yes, tried but it doesn't work on my Debian.
>>>
>>> Ing. Alejandro M.
>>> Hospedaje Web y Servidores Dedicados
>>> http://www.dedicados.com.mx
>>> ------
>>> email / msn: ventas AT dedicados.com.mx
>>> skype: dedicados
>>> ------
>>>
>>> On 12/01/2014 11:34 p.m., Brian Koontz wrote:
>>>
>>> On Sun, Jan 12, 2014 at 11:27:02PM -0600, Hospedaje Web y Servidores Dedicados wrote:
>>>
>>> I'm having the same issue with 4 of my DNS servers; I get reports of DDoS
>>> attacks from my servers.
>>>
>>> So I need to set the recursion to NO.
>>>
>>> Will this change make tier2 work well, or not?
>>>
>>> No, because your T2s have to be recursive. The problem below was for a T1.
>>>
>>> Have you tried Jeff's scripts and the firewall rules on the wiki?
>>>
>>> --Brian
>>>
>>> ----
>>> To unsubscribe, email
>>> dns-operations-unsubscribe AT lists.opennicproject.org
>>>
>>> --
>>> Sent from my phone with K-9 Mail.

--
Best regards

Kevin Holly - root AT hallowe.lt - http://hallowe.lt/
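
An added example, not part of the original message or of the OpenNIC wiki rules it refers to: a shell helper that summarises `iptables -nvxL` listings like the ones quoted above, so that a re-run after loading rules shows which chains are still empty with policy ACCEPT. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `iptables -nvxL` output read on stdin.
# Emits one line per chain: "<chain> <policy> <rule-count>".
summarise_chains() {
    awk '
        function emit() { if (chain != "") print chain, policy, rules }
        /^Chain / {
            emit()
            chain = $2; rules = 0
            # Built-in chains show "(policy X ...)"; user chains show "(N references)".
            policy = ($3 == "(policy") ? $4 : "-"
            next
        }
        # With -x, rule lines start with exact packet and byte counters;
        # the column header (even when wrapped by a mailer) does not.
        chain != "" && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { rules++ }
        END { emit() }
    '
}

# Chains that accept everything and hold no rules, i.e. nothing was loaded.
unfiltered_chains() {
    summarise_chains | awk '$2 == "ACCEPT" && $3 == 0 { print $1 }'
}

# Constructed sample listing (not taken from the thread): one rule in INPUT.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 10 packets, 800 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       4      240 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 limit: avg 10/sec burst 5

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 12 packets, 900 bytes)
    pkts      bytes target     prot opt in     out     source               destination
EOF
}

# Demo on the sample; on a live host use: iptables -nvxL | unfiltered_chains
sample_listing | summarise_chains
```

Run it once per table (`-t nat`, `-t mangle`, and the `ip6tables` equivalents) to cover the same six listings requested in the thread.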


