Date: Fri, 2 Feb 2001 18:40:47 +0100 (MET)
From: Mark Lastdrager <mark@pine.nl>
To: Peter Brezny <peter@sysadmin-inc.com>
Cc: <freebsd-net@FreeBSD.ORG>
Subject: Re: ipfw and dns
Message-ID: <Pine.GSO.4.30.0102021837520.1833-100000@atro.pine.nl>
In-Reply-To: <001701c08d3e$892a1860$46010a0a@sysadmininc.com>
At Fri, 2 Feb 2001, owner-freebsd-net@FreeBSD.ORG wrote:

>Is this all i need to allow dns queries from the outside world?
>
>    $fwcmd add allow tcp from any 53 to $ns1 53

No, queries use udp and often don't use 53 as source port. And you have to
make rules for both incoming and outgoing traffic..

>and now it appears that an outside machine can't perform an nslookup using my
>box as the server to do the queries on.

Look in the log and see what goes wrong ;-)

There's an example in /etc/rc.firewall by the way:

    # Allow access to our DNS
    ${fwcmd} add pass tcp from any to ${oip} 53 setup
    ${fwcmd} add pass udp from any to ${oip} 53
    ${fwcmd} add pass udp from ${oip} 53 to any

Mark Lastdrager

--
Pine Internet BV :: tel. +31-70-3111010 :: fax. +31-70-3111011
PGP 92BB81D1 fingerprint 0059 7D7B C02B 38D2 A853 2785 8C87 3AF1
Today's excuse: telnet: Unable to connect to remote host: Connection refused

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
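
Added example, not part of the original message and not FreeBSD code: a small first-match evaluator that runs constructed DNS packets through the rule asked about and through the quoted /etc/rc.firewall rules, showing which ones pass. The addresses, the `verdict` and `field_ok` helpers and the final default-deny are assumptions; the TCP `setup` flag match is not modelled.

```shell
#!/bin/sh
# Added illustration: first-match evaluation of ipfw-style 5-tuple rules.
# Addresses are constructed (RFC 5737 documentation ranges). TCP flags
# ("setup") are not modelled; the fall-through default is deny (assumption).
NS=192.0.2.53          # stands in for $ns1 / ${oip}
CLIENT=198.51.100.7    # constructed outside resolver

# The rule asked about: TCP only, and the source port must be 53.
RULES_ASKED="allow tcp any 53 $NS 53"

# The /etc/rc.firewall rules quoted in the reply.
RULES_RCFW="allow tcp any any $NS 53
allow udp any any $NS 53
allow udp $NS 53 any any"

# field_ok RULE_VALUE PACKET_VALUE: "any" in a rule is a wildcard.
field_ok() { [ "$1" = any ] || [ "$1" = "$2" ]; }

# verdict RULES PROTO SRC SPORT DST DPORT: prints "allow" or "deny".
verdict() {
    rules=$1; shift
    while read -r act proto src sport dst dport; do
        [ -n "$act" ] || continue
        [ "$proto" = "$1" ] || continue
        field_ok "$src" "$2" && field_ok "$sport" "$3" &&
        field_ok "$dst" "$4" && field_ok "$dport" "$5" || continue
        echo "$act"; return 0
    done <<EOF
$rules
EOF
    echo deny
}

# Constructed packets: an ordinary UDP query from an ephemeral port, the
# server's reply to it, and a TCP query (large answers, zone transfers).
for pkt in "udp $CLIENT 40000 $NS 53" \
           "udp $NS 53 $CLIENT 40000" \
           "tcp $CLIENT 40001 $NS 53"; do
    # $pkt is split on purpose into the five packet fields.
    printf '%-40s asked=%-5s rc.firewall=%s\n' "$pkt" \
        "$(verdict "$RULES_ASKED" $pkt)" "$(verdict "$RULES_RCFW" $pkt)"
done
```
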