Date: Thu, 11 Apr 2002 23:08:29 +0200
From: "BSDJunk" <BSDJunk@1729.net>
To: "Moti" <moti@flncs.com>, "Bob Kersten" <bob@fellownet.org>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: again...
Message-ID: <017601c1e19d$08383160$0801a8c0@lan.1729.net>
References: <001201c1e168$c16a92c0$2849a8c0@kerstenz6r4278> <054c01c1e198$36009150$fd6e34c6@mlevy>

Or you can use your firewall and block access to your DNS server from the
outside:

ipfw add deny udp from any to 213.51.186.212 53 in via ed0

----- Original Message -----
From: "Moti" <moti@flncs.com>
To: "Bob Kersten" <bob@fellownet.org>; <freebsd-questions@FreeBSD.ORG>
Sent: Thursday, April 11, 2002 10:33 PM
Subject: Re: again...

> Assuming you use bind8+ you can use the allow-query option in named.conf and
> put only your internal net.
> something like
> allow-query { 10.1.1.0/24; };
>
> ----- Original Message -----
> From: "Bob Kersten" <bob@fellownet.org>
> To: <freebsd-questions@freebsd.org>
> Sent: Thursday, April 11, 2002 10:53 AM
> Subject: again...
>
>
> > Hi,
> >
> > I'm running named on my server to allow the users of my internal
> > network to fill in this server as their DNS server. This server has
> > two NICs, one for the external (internet) connection and one for
> > internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and
> > up. This is working just fine, but I discovered that I can use this
> > server as my DNS server from my computer at work (outside my internal
> > network) by entering the IP I got from my ISP and which I have set up
> > for the first NIC I mentioned above.
> >
> > I don't know if this makes the situation clear for you, but I
> > would like to restrict access to my DNS server from outside and only
> > allow the internal clients to use the server for their DNS.
> >
> > Can this be done, and if so, how? I'm using natd to route traffic
> > from my internal network to the internet. Below is a copy of my
> > rc.conf.
> >
> > Thnx in advance for every given answer,
> > Bob.
> >
> > [rc.conf]
> >
> > defaultrouter="213.51.184.1"
> > gateway_enable="YES"
> > hostname="buffy.fellownet.org"
> >
> > ifconfig_ed0="inet 213.51.186.212 netmask 255.255.252.0"
> > ifconfig_ed1="inet 10.0.0.1 netmask 255.255.255.0"
> >
> > inetd_enable="YES"
> > inetd_flags="-l"
> >
> > kern_securelevel_enable="NO"
> > nfs_reserved_port_only="YES"
> > sendmail_enable="YES"
> > named_enable="YES"
> > sshd_enable="YES"
> >
> > ntpdate_enable="YES"
> > ntpdate_flags="ntp0.nl.net"
> >
> > tcp_extensions="YES"
> > router_enable="NO"
> >
> > firewall_enable="YES"
> > firewall_type="OPEN"
> >
> > natd_enable="YES"
> > natd_program="/sbin/natd"
> > natd_interface="ed0"
> > natd_flags=""

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
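
Added example, not part of the original thread: a named.conf fragment that applies the allow-query suggestion to the addresses in the quoted rc.conf (10.0.0.1 on ed1, 10.0.0.0/24 as the internal network). The ACL name "internal" is illustrative, and the listen-on and allow-recursion statements are BIND options that the thread itself does not mention; merge the statements into the existing options block.

```conf
// named.conf fragment (added example; addresses come from the rc.conf
// quoted in the thread, the ACL name "internal" is illustrative)

acl "internal" {
    127.0.0.1;        // the server itself
    10.0.0.0/24;      // clients behind ed1 (10.0.0.2 and up)
};

options {
    // Bind only the loopback and the internal address, so named is not
    // reachable on the ISP-assigned address on ed0 (213.51.186.212).
    listen-on { 127.0.0.1; 10.0.0.1; };

    // Answer queries only for internal clients.
    allow-query { "internal"; };

    // Recurse (resolve names on the client's behalf) only for internal clients.
    allow-recursion { "internal"; };
};
```

With listen-on restricted this way, named does not accept queries on the ed0 address at all, over UDP or TCP, so the restriction no longer depends on a packet filter rule. Restart named after the change and repeat the lookup from an outside host to confirm it now fails.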