From: Theodore Hope
To: denp@acnet.net (Ivan Villalobos)
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: FreeBSD + Cisco Access Lists
Date: Mon, 19 Jul 1999 17:34:32 -0600 (CST)

> When we put an access list on a cisco router, blocking all incoming ICMP
> traffic to the FreeBSD server, the server (a DNS server) is not able to
> resolve any name, when we take the access list out, it works. It would
> appear at first glance that there is a problem in the access list, but the
> other DNS server, running Solaris x86 2.6 works just fine, same access list.
> What is more, this FreeBSD installation is replacing an old Solaris x86
> server, that worked just fine with the same access list.

Sounds like you're not only blocking ICMP but also UDP, which DNS uses.
Check your lists again. Remember that when you do certain deny/allow
things on Cisco lists, you may also implicitly be deny'ing other traffic
(such as UDP).

But that's Cisco stuff, so it's way off-topic ;-)

Good luck.
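
The implicit deny the reply refers to, as an added example that is not part of the original message: a minimal first-match evaluator in Python for Cisco-style extended access lists, where any packet that matches no entry is dropped. The rule sets, the address 192.0.2.53 and all names are constructed for illustration and are not the poster's actual list.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    dst: str                     # destination in CIDR form, 0.0.0.0/0 = any
    dport: Optional[int] = None  # None = any destination port

class Packet(NamedTuple):
    proto: str
    dst: str
    dport: Optional[int] = None

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action
    return "deny (implicit)"

SERVER = "192.0.2.53"  # constructed address (documentation range)

# Constructed list: blocks ICMP to the server and permits TCP, nothing else.
# UDP is never mentioned, so it is dropped by the implicit deny at the end.
ACL_ICMP_TCP = [
    Rule("deny", "icmp", SERVER + "/32"),
    Rule("permit", "tcp", "0.0.0.0/0"),
]

# Same ICMP block, followed by an explicit permit for all remaining traffic.
ACL_FIXED = [
    Rule("deny", "icmp", SERVER + "/32"),
    Rule("permit", "ip", "0.0.0.0/0"),
]

DNS_QUERY = Packet("udp", SERVER, 53)
PING = Packet("icmp", SERVER)

if __name__ == "__main__":
    for name, acl in (("ACL_ICMP_TCP", ACL_ICMP_TCP), ("ACL_FIXED", ACL_FIXED)):
        print(name, "dns:", evaluate(acl, DNS_QUERY), "| ping:", evaluate(acl, PING))
```

On a real router, the per-entry match counters in the output of `show access-lists` show which entries traffic is actually hitting.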