I am on the local network for the tests: so no box between the two (we will look at that one afterwards); the address 192.168.0.210
is the local address, not the public one.
On the firewall GUI: 53 is open in TCP and UDP, in IPv4 and IPv6, and UPnP is disabled.
So: according to you, it should work locally?
If I run it on the server itself:
$ dig maison.example.org ANY @127.0.0.1
; <<>> DiG 9.10.3-P4-Debian <<>> maison.example.org ANY @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7716
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;maison.example.org. IN ANY
;; ANSWER SECTION:
maison.example.org. 0 IN TXT "v=spf1 mx a -all"
maison.example.org. 0 IN MX 5 maison.example.org.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu May 28 14:34:09 CEST 2020
;; MSG SIZE rcvd: 112
So: it is indeed being blocked somewhere.
My iptables:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
f2b-yunohost tcp -- anywhere anywhere multiport dports http,https
f2b-nextcloud tcp -- anywhere anywhere multiport dports http,https
f2b-pam-generic tcp -- anywhere anywhere
f2b-recidive tcp -- anywhere anywhere
f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,submission,imap2,imaps,pop3,pop3s
f2b-dovecot tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps,submission,sieve
f2b-postfix tcp -- anywhere anywhere multiport dports smtp,submission
f2b-nginx-http-auth tcp -- anywhere anywhere multiport dports http,https
f2b-sshd-ddos tcp -- anywhere anywhere multiport dports ssh
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-client
ACCEPT tcp -- anywhere anywhere tcp dpt:xmpp-server
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:64738
ACCEPT tcp -- anywhere anywhere tcp dpt:4443
ACCEPT tcp -- anywhere anywhere tcp dpt:5347
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:587
ACCEPT udp -- anywhere anywhere udp dpt:64738
ACCEPT udp -- anywhere anywhere udp dpt:10000
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-dovecot (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-nextcloud (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-nginx-http-auth (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-pam-generic (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-postfix-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-recidive (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-sshd-ddos (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain f2b-yunohost (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
I can see my DNS in UDP, but not in TCP (or my eyes are not good).
But it is not a feature that really gets tested.
This is the occasion to do it.
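As an added example that is not part of the post above: the check the poster is doing by eye (is there an ACCEPT rule for port 53 in INPUT for both TCP and UDP?) can be done with a small POSIX shell script over the `iptables -L` listing. The two listings embedded below are constructed samples in the same format, not captured from the poster's host, and `dns_rule_status` is a name chosen here for illustration. The sample `SAMPLE_NO_TCP` deliberately puts the TCP rule in FORWARD rather than INPUT to show that a rule in the wrong chain does not count.

```shell
#!/bin/sh
# Added example (not the forum poster's code): report whether the INPUT
# chain of an `iptables -L` listing accepts DNS (port 53, shown as
# "dpt:domain" by default, or "dpt:53" when `-n` is used) over TCP and UDP.

# Constructed sample listing, trimmed to the rules that matter.
SAMPLE_INPUT_CHAIN='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mdns
Chain FORWARD (policy ACCEPT)
target prot opt source destination'

# Constructed sample where the only TCP/53 rule is in FORWARD, not INPUT:
# inbound TCP DNS to this host would still hit the INPUT policy (DROP).
SAMPLE_NO_TCP='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain'

# dns_rule_status PROTO LISTING
# Prints "open" when the INPUT chain of LISTING contains an ACCEPT rule for
# PROTO (tcp|udp) with destination port domain/53, "closed" otherwise.
dns_rule_status() {
    proto=$1
    listing=$2
    # Keep only the INPUT chain: from its "Chain INPUT" header up to (but
    # not including) the next "Chain ..." header.
    input_chain=$(printf '%s\n' "$listing" \
        | awk '/^Chain INPUT/{in_input=1; next} /^Chain /{in_input=0} in_input')
    # Match e.g. "ACCEPT tcp -- anywhere anywhere tcp dpt:domain"
    # or, with `iptables -n -L`, "ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53".
    if printf '%s\n' "$input_chain" \
        | grep -E '^ACCEPT[[:space:]]+'"$proto"'[[:space:]].*'"$proto"' dpt:(domain|53)([[:space:]]|$)' \
          >/dev/null; then
        echo open
    else
        echo closed
    fi
}

# dns_summary LISTING
# Prints "tcp=<open|closed> udp=<open|closed>" for the INPUT chain.
dns_summary() {
    echo "tcp=$(dns_rule_status tcp "$1") udp=$(dns_rule_status udp "$1")"
}

echo "sample with both rules:      $(dns_summary "$SAMPLE_INPUT_CHAIN")"
echo "sample with TCP in FORWARD:  $(dns_summary "$SAMPLE_NO_TCP")"

# On a real host, run the same check on the live ruleset (needs root).
if command -v iptables >/dev/null 2>&1 && [ "$(id -u)" = 0 ]; then
    echo "live INPUT chain:            $(dns_summary "$(iptables -L 2>/dev/null)")"
fi
```

Two caveats for the real check. `iptables -L` without `-v` does not show interface matches, so a rule such as `ACCEPT all -- anywhere anywhere` may be restricted to `lo` without the listing saying so; `iptables -S INPUT` or `iptables -L INPUT -v -n` shows the full rule. And `dig` uses UDP unless told otherwise, so a query that succeeds against 127.0.0.1 says nothing about TCP/53 from another machine; to exercise that path, run `dig +tcp maison.example.org ANY @192.168.0.210` from a client on the LAN.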