From: David Banning
Date: Sun, 7 Nov 2004 19:28:06 -0500
To: questions@freebsd.org, Emil Khatib
Subject: Re: ipfw allowing browser only

On Sun, Nov 07, 2004 at 08:39:24PM +0100, Emil Khatib wrote:
> You must enable also DNS queries. DNS port is 53 (I think)

I looked around and I think you are right on the port number, but
it still does not run. Here is my list now:

01150 allow tcp from any to 192.168.1.6 53
01152 allow tcp from any to 192.168.1.6 80
01153 allow udp from any to 192.168.1.6 80
01154 allow udp from any to 192.168.1.6 53
01200 deny ip from any to 192.168.1.6
65535 allow ip from any to any

Now 192.168.1.6 is my client. I wonder if I should be entering this
"192.168.1.6 to any" rather than "any to 192.168.1.6"?

I have also cleared my ipnat rules to try and simplify here.
Something very basic is not working here.
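
Added example (not part of the original message or thread): a small first-match evaluator that walks the rules listed above against constructed packets, to show which rule each packet hits. It assumes the ipfw host forwards traffic for the client; the 198.51.100.x addresses, the ephemeral ports and the VARIANT ruleset are hypothetical and do not come from the thread.

```python
# Added illustration: first-match evaluation of the ipfw rules quoted above.
# Models only the fields those rules use. None stands for "any" (or proto "ip").
CLIENT = "192.168.1.6"

# Rule layout: (number, action, proto, src, src port, dst, dst port)
# Posted ruleset: in "from any to CLIENT 53" the 53 is the DESTINATION port.
POSTED = [
    (1150, "allow", "tcp", None, None, CLIENT, 53),
    (1152, "allow", "tcp", None, None, CLIENT, 80),
    (1153, "allow", "udp", None, None, CLIENT, 80),
    (1154, "allow", "udp", None, None, CLIENT, 53),
    (1200, "deny", None, None, None, CLIENT, None),
    (65535, "allow", None, None, None, None, None),
]

# Hypothetical variant (an assumption, not from the thread): requests from the
# client are matched by destination port, replies to it by source port.
VARIANT = [
    (1150, "allow", "udp", CLIENT, None, None, 53),
    (1151, "allow", "tcp", CLIENT, None, None, 53),
    (1152, "allow", "tcp", CLIENT, None, None, 80),
    (1160, "allow", "udp", None, 53, CLIENT, None),
    (1161, "allow", "tcp", None, 53, CLIENT, None),
    (1162, "allow", "tcp", None, 80, CLIENT, None),
    (1200, "deny", None, CLIENT, None, None, None),
    (1201, "deny", None, None, None, CLIENT, None),
    (65535, "allow", None, None, None, None, None),
]

def matches(rule, packet):
    """A rule matches when every field it specifies equals the packet's field."""
    return all(want is None or want == got for want, got in zip(rule[2:], packet))

def evaluate(rules, packet):
    """Return (rule number, action) of the first rule that matches the packet."""
    for rule in rules:
        if matches(rule, packet):
            return rule[0], rule[1]
    return None

# Constructed sample packets: (proto, src, src port, dst, dst port)
DNS_QUERY = ("udp", CLIENT, 40000, "198.51.100.53", 53)
DNS_REPLY = ("udp", "198.51.100.53", 53, CLIENT, 40000)
HTTP_REPLY = ("tcp", "198.51.100.80", 80, CLIENT, 40001)
SSH_OUT = ("tcp", CLIENT, 40002, "198.51.100.22", 22)

if __name__ == "__main__":
    for p in (DNS_QUERY, DNS_REPLY, HTTP_REPLY, SSH_OUT):
        print(p, "posted:", evaluate(POSTED, p), "variant:", evaluate(VARIANT, p))
```

Matching replies by source port is stateless; ipfw's keep-state and check-state rules are the usual way to admit only replies to connections the client itself opened.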