From owner-freebsd-questions Tue Jul 24 02:04:25 2001
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <01cf01c1141f$e69a5420$2a7627cb@bytecraft.au.com>
From: "MurrayTaylor"
Subject: Ipfw and DNS on point to point link
Date: Tue, 24 Jul 2001 19:06:18 +1000

Given that my DNS server is on the end of a frame relay point to point
link which has a particular IP number set and I have a Public IP number
range assigned which I am using for my hosts, should I block all DNS udp
and tcp to the external address?

I currently have ipfw rules to allow both addresses to be visible and I
seem to get traffic to both, although the external one gets most by quite
a large margin. The public IP is the official DNS address.

                 (ext) +-----------+ (int)
x.y.z.1 ------- x.y.z.2| ext   int | a.b.c.1 ------- a.b.c.0/25 lan
                       |           |
                       +-----------+

The box is my DNS master server, with an offsite secondary at my ISP.
There is no reference to the x.y.z.2 number in any DNS records.

However, historically the x.y.z IP nos were allowed through the ipfw rules
and obviously some traffic has attached itself to the x.y.z numbers in
the past.

So - can anyone see any good reason to hold open the x.y.z numbers?

cheers
mjt