Date: Tue, 29 Oct 2002 17:16:35 -0500 (EST)
From: Simon1 <simon1@server.simon1.net>
To: C KH <dubbified@hotmail.com>
Cc: <questions@FreeBSD.ORG>
Subject: Re: Can't connect to DNS servers -- Firewall prob?
Message-ID: <20021029170909.F4893-100000@server.simon1.net>
In-Reply-To: <F88vQd2vkqujAYzRaA60001a353@hotmail.com>
> Actually I neglected to mention I also have this rule:
>
> # Allow all traffic from internal lan
> $fwcmd add allow all from 192.168.0.0/16 to any

How is this box configured? If it's set up to act as a gateway:

LOCAL_LAN (192.168.x.x) ----> Interface A
                                  |
                               Server
                                  |
Internet ($external_ip) -----> Interface B

The DNS servers are going to be on the Internet, from what you posted, which means that your server isn't connecting to it as 192.168.x.x, but instead as $external_ip_address. So, allowing the 192.168.x.x network to access anything isn't going to work -- because as far as the server is concerned it's using $external_ip. You need a rule allowing whatever address it's using for the *internet* to connect to the nameserver.

To use a (made up) example: I set up a gateway machine for NAT & etc. Local LAN address is 192.168.0.1, external address is 100.10.10.1. When the system accesses the internal network, it'll make use of the 192.168.0.1 address, but when it goes out on the internet (on the second network card) it'll use the 100.10.10.1.

If the DNS servers aren't on the 192.168.x.x LAN, and are on the internet instead, you'll need to add a rule to allow "100.10.10.1" (aka your external IP) to access the DNS servers.

-Wolfe

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
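As an added illustration (not part of Wolfe's message and not FreeBSD's own code), a small Python first-match evaluator over a subset of ipfw's rule grammar, using the post's made-up addresses (192.168.0.0/16 LAN, 100.10.10.1 external). The DNS server address 203.0.113.53, the LAN host 192.168.0.20 and the corrected ruleset are constructed for this example.

```python
"""Toy first-match evaluator for a subset of ipfw rule syntax (added example).

Shows why `allow all from 192.168.0.0/16 to any` does not cover the gateway's
own DNS lookups: those leave on the external interface with the external
address (100.10.10.1 in the post's made-up example) as their source.
"""
import ipaddress
import re

# Rules in the shape the post uses ("$fwcmd add allow all from ... to ...").
# The second ruleset and its reply rule are constructed for this example;
# a real ruleset would more likely use keep-state instead of a reply rule.
RULESET_BEFORE = [
    "allow all from 192.168.0.0/16 to any",
    "deny all from any to any",
]
RULESET_AFTER = [
    "allow all from 192.168.0.0/16 to any",
    "allow udp from 100.10.10.1 to any 53",   # gateway's external IP -> DNS
    "allow udp from any 53 to 100.10.10.1",   # DNS replies back to the gateway
    "deny all from any to any",
]

# action proto from <addr> [port] to <addr> [port]
RULE_RE = re.compile(
    r"^(allow|deny)\s+(\w+)\s+from\s+(\S+)(?:\s+(\d+))?\s+to\s+(\S+)(?:\s+(\d+))?$"
)


def _addr_matches(spec, addr):
    """'any' or a host/CIDR spec compared against one concrete address."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def first_match(ruleset, proto, src, sport, dst, dport):
    """Return (1-based rule position, action) of the first matching rule."""
    for number, text in enumerate(ruleset, start=1):
        m = RULE_RE.match(text)
        if not m:
            raise ValueError(f"unsupported rule syntax: {text!r}")
        action, rproto, rsrc, rsport, rdst, rdport = m.groups()
        if rproto not in ("all", "ip", proto):
            continue
        if not (_addr_matches(rsrc, src) and _addr_matches(rdst, dst)):
            continue
        if (rsport and int(rsport) != sport) or (rdport and int(rdport) != dport):
            continue
        return number, action
    return None, "deny"   # ipfw's implicit default-deny (rule 65535)


# The gateway resolving a name itself: source is the *external* address.
DNS_QUERY = dict(proto="udp", src="100.10.10.1", sport=40000, dst="203.0.113.53", dport=53)
# A LAN host behind the gateway doing the same lookup (constructed).
LAN_QUERY = dict(proto="udp", src="192.168.0.20", sport=40000, dst="203.0.113.53", dport=53)

if __name__ == "__main__":
    for name, rs in (("before", RULESET_BEFORE), ("after", RULESET_AFTER)):
        print(name, "gateway DNS query ->", first_match(rs, **DNS_QUERY))
        print(name, "LAN host DNS query ->", first_match(rs, **LAN_QUERY))
```

Running it shows the gateway's own query hitting the final deny in the first ruleset while a LAN host's query is allowed by rule 1, which is exactly the asymmetry the reply describes.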