Date:      Thu, 11 Apr 2002 23:08:29 +0200
From:      "BSDJunk" <BSDJunk@1729.net>
To:        "Moti" <moti@flncs.com>, "Bob Kersten" <bob@fellownet.org>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: again...
Message-ID:  <017601c1e19d$08383160$0801a8c0@lan.1729.net>
References:  <001201c1e168$c16a92c0$2849a8c0@kerstenz6r4278> <054c01c1e198$36009150$fd6e34c6@mlevy>

Or you can use your firewall and block access to your DNS server from the
outside:

ipfw add deny udp from any to 213.51.186.212 53 in via ed0

----- Original Message -----
From: "Moti" <moti@flncs.com>
To: "Bob Kersten" <bob@fellownet.org>; <freebsd-questions@FreeBSD.ORG>
Sent: Thursday, April 11, 2002 10:33 PM
Subject: Re: again...


> Assuming you use bind8+ you can use the allow-query option in named.conf and
> put only your internal net.
> something like
> allow-query { 10.1.1.0/24; };
>
> ----- Original Message -----
> From: "Bob Kersten" <bob@fellownet.org>
> To: <freebsd-questions@freebsd.org>
> Sent: Thursday, April 11, 2002 10:53 AM
> Subject: again...
>
>
> > Hi,
> >
> >     I'm running named on my server to allow the users of my internal
> > network to fill in this server as their DNS server. This server has
> > two NIC's, one for the external (internet) connection and one for
> > internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and
> > up. This is working just fine, but I discovered that I can use this
> > server as my DNS server from my computer at work (outside my internal
> > network) by entering the IP I got from my ISP and which I have setup
> > for the first NIC I mentioned above.
> >
> >     I don't know if this makes the situation clear for you, but I
> > would like to restrict access to my DNS server from outside and only
> > allow the internal clients to use the server for their DNS.
> >
> >     Can this be done, and if so, how? I'm using natd to route traffic
> > from my internal network to the internet. Below is a copy of my
> > rc.conf.
> >
> > Thanks in advance for every given answer,
> >  Bob.
> >
> > [rc.conf]
> >
> > defaultrouter="213.51.184.1"
> > gateway_enable="YES"
> > hostname="buffy.fellownet.org"
> >
> > ifconfig_ed0="inet 213.51.186.212  netmask 255.255.252.0"
> > ifconfig_ed1="inet 10.0.0.1        netmask 255.255.255.0"
> >
> > inetd_enable="YES"
> > inetd_flags="-l"
> >
> > kern_securelevel_enable="NO"
> > nfs_reserved_port_only="YES"
> > sendmail_enable="YES"
> > named_enable="YES"
> > sshd_enable="YES"
> >
> > ntpdate_enable="YES"
> > ntpdate_flags="ntp0.nl.net"
> >
> > tcp_extensions="YES"
> > router_enable="NO"
> >
> > firewall_enable="YES"
> > firewall_type="OPEN"
> >
> > natd_enable="YES"
> > natd_program="/sbin/natd"
> > natd_interface="ed0"
> > natd_flags=""
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> >
> >
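Why the position of the deny rule matters for the setup in this thread (firewall_type="OPEN" plus natd), as an added example that is not part of the original e-mails: a small Python model of ipfw's first-match evaluation. It assumes the stock OPEN ruleset ends with an allow-all rule at 65000 and that an unnumbered `ipfw add` is placed after the last non-default rule (step 100); the explicit rule number 1000 is an illustrative choice.

```python
"""Constructed model of ipfw first-match evaluation; not real ipfw output."""
from dataclasses import dataclass, replace

DEFAULT_RULE = 65535  # ipfw's built-in final rule
AUTOINC_STEP = 100    # default net.inet.ip.fw.autoinc_step

@dataclass(frozen=True)
class Rule:
    num: int
    action: str        # "allow", "deny" or "divert"
    proto: str = "ip"  # "ip" matches every protocol
    dst: str = "any"
    dport: int = 0     # 0 means any port
    via: str = "any"

    def matches(self, pkt):
        return (self.proto in ("ip", pkt["proto"]) and self.dst in ("any", pkt["dst"])
                and self.dport in (0, pkt["dport"]) and self.via in ("any", pkt["via"]))

def open_ruleset():
    # Assumed shape of the OPEN ruleset with natd enabled on ed0.
    return [Rule(50, "divert", via="ed0"), Rule(65000, "allow"), Rule(DEFAULT_RULE, "deny")]

def add_rule(rules, rule, num=None):
    """Mimic `ipfw add [num] ...`; with no number the rule goes after the last non-default rule."""
    if num is None:
        num = max(r.num for r in rules if r.num != DEFAULT_RULE) + AUTOINC_STEP
    return sorted(rules + [replace(rule, num=num)], key=lambda r: r.num)

def verdict(rules, pkt):
    """Return (action, rule number) of the first terminal rule that matches."""
    for r in rules:
        # divert hands the packet to natd, which reinjects it; evaluation continues.
        if r.action != "divert" and r.matches(pkt):
            return r.action, r.num
    raise RuntimeError("no rule matched; the default rule should always match")

# The rule from the reply: deny udp from any to 213.51.186.212 53 in via ed0
DNS_BLOCK = Rule(0, "deny", proto="udp", dst="213.51.186.212", dport=53, via="ed0")
# Constructed sample packets: one query from the internet, one from the LAN.
OUTSIDE = {"proto": "udp", "dst": "213.51.186.212", "dport": 53, "via": "ed0"}
INSIDE = {"proto": "udp", "dst": "10.0.0.1", "dport": 53, "via": "ed1"}

if __name__ == "__main__":
    for label, num in (("unnumbered", None), ("numbered 1000", 1000)):
        rules = add_rule(open_ruleset(), DNS_BLOCK, num)
        print(label, "outside:", verdict(rules, OUTSIDE), "inside:", verdict(rules, INSIDE))
```

In this model the unnumbered rule becomes 65100 and is never reached, while the same rule at 1000 drops the outside query and leaves LAN queries untouched; `ipfw show` on the real host lists the actual numbers and per-rule packet counters.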