From owner-freebsd-questions@FreeBSD.ORG Mon Nov 14 15:13:39 2005
From: Lowell Gilbert
To: aj@siegel-tech.net
Cc: freebsd-questions@freebsd.org
Date: 14 Nov 2005 10:13:37 -0500
Subject: Re: In a bit of a bind - DNS problems and ipfw
Message-ID: <44acg79s9q.fsf@be-well.ilk.org>
In-Reply-To: <200511122338.49766.bulk_mail@siegel-tech.net>
References: <200511122338.49766.bulk_mail@siegel-tech.net>

Aaron Siegel writes:

> Hello
>
> I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a
> custom firewall (ipfw) or the "Simple" firewall through rc.firewall, my
> clients are unable to resolve DNS, while DNS does work with the "Open"
> ruleset that is provided by rc.firewall. I created the custom firewall
> rules a couple of years ago and they worked fine under 4.11, but after the
> upgrade I have not been able to get them to work.
>
> I'm sure I am doing something stupid, but I am not smart enough to solve it
> at the moment.
>
> Thank you
> Aaron Siegel
>
> Custom firewall rules
> #Allow DNS
> $cmd 019 allow tcp from any to any 53 out via $pif
> $cmd 018 allow udp from any to any 53 out via $pif

You need to let the replies back in.  Try keep-state.

> /etc/rc.conf
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="dc0"
>
> ifconfig_dc0="192.168.0.2" #public interface
> ifconfig_fxp0="192.168.245.1 netmask 255.255.255.0" #private interface
>
> /etc/rc.conf
> I have commented out the following lines
> #${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}

Why?
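Editor's added example, not code from either poster: what "let the replies back in with keep-state" looks like as a complete stateful ruleset for this gateway, written in the same `$cmd`/`$pif` style as the posted rules. The interface names (dc0 public, fxp0 private) and the NAT setup come from the posted rc.conf; the rule numbers, the skipto layout and the final deny-log rule are this example's own choices. The ordering matters when natd is in the path: inbound packets must be un-NATed by the divert rule before check-state consults the dynamic table, and the keep-state rule must run before the outbound divert so the dynamic entry is keyed on the LAN client's real address. That is why the DNS rules use `skipto` into a NAT section instead of a plain `allow`.

```sh
#!/bin/sh
# Editor's added example (not from the original thread): a stateful ipfw
# ruleset for the gateway in the posted rc.conf, in rc.firewall "$cmd"
# style. Interface names come from the post; rule numbers, the skipto
# layout and the deny-log rule are this example's own assumptions.

pif="dc0"                   # public interface, per the posted rc.conf
lan="fxp0"                  # private interface, per the posted rc.conf

# Emit the ruleset, one "ipfw add" argument string per line, in the
# order the rules must be loaded.
build_rules() {
    # Traffic on the LAN side and on loopback is not filtered.
    echo "005 allow ip from any to any via $lan"
    echo "006 allow ip from any to any via lo0"
    # Inbound packets on the public side are un-NATed *before* the
    # dynamic rules are consulted; if check-state came first it would
    # see the public address and natd would never rewrite the reply.
    echo "014 divert natd ip from any to any in via $pif"
    echo "015 check-state"
    # Outbound DNS: keep-state runs before the outbound divert, so the
    # dynamic rule is keyed on the untranslated source address and
    # matches the reply once rule 014 has un-NATed it. The action is
    # skipto 500 rather than allow so the packet still reaches natd.
    echo "018 skipto 500 udp from any to any 53 out via $pif keep-state"
    echo "019 skipto 500 tcp from any to any 53 out via $pif setup keep-state"
    # Anything else arriving on the public side is refused and logged.
    echo "450 deny log ip from any to any in via $pif"
    # NAT section: translate the outgoing packet, then let it go.
    echo "500 divert natd ip from any to any out via $pif"
    echo "510 allow ip from any to any"
}

# Feed every rule to the given command (default: the real ipfw).
# Pass "echo" to print the rules instead of loading them.
load_rules() {
    cmd="${1:-ipfw -q add}"
    build_rules | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # word splitting is intended here
        $cmd $rule
    done
}

case "${1-}" in
    --print) load_rules echo ;;   # dry run: show what would be loaded
    --load)  load_rules ;;        # needs root and ipfw(8) on the gateway
esac
```

Run it with `--print` to review the rules and with `--load` (as root, on the gateway) to install them; only UDP and TCP port 53 are opened here, so other client traffic needs its own keep-state rules in the same 018/019 position. One observation on the commented-out rc.firewall line: the posted rc.conf puts dc0 itself on 192.168.0.2, so `deny all from any to 192.168.0.0/16 via ${oif}` on that interface would also drop every packet addressed to the gateway's own public address, which is why this example leaves that anti-spoof rule out instead of adding it.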