Date: Fri, 2 Feb 2001 18:40:47 +0100 (MET)
From: Mark Lastdrager <mark@pine.nl>
To: Peter Brezny <peter@sysadmin-inc.com>
Cc: <freebsd-net@FreeBSD.ORG>
Subject: Re: ipfw and dns
Message-ID: <Pine.GSO.4.30.0102021837520.1833-100000@atro.pine.nl>
In-Reply-To: <001701c08d3e$892a1860$46010a0a@sysadmininc.com>
At Fri, 2 Feb 2001, owner-freebsd-net@FreeBSD.ORG wrote:
>Is this all i need to allow dns queries from the outside world?
>
> $fwcmd add allow tcp from any 53 to $ns1 53
No, queries use UDP and often don't use 53 as the source port. And you have to
make rules for both incoming and outgoing traffic.
>and now it appears that an outside machine can't perform an nslookup using my
>box as the server to do the queries on.
Look in the log and see what goes wrong ;-)
There's an example in /etc/rc.firewall by the way:
# Allow access to our DNS
${fwcmd} add pass tcp from any to ${oip} 53 setup
${fwcmd} add pass udp from any to ${oip} 53
${fwcmd} add pass udp from ${oip} 53 to any
Mark Lastdrager
--
Pine Internet BV :: tel. +31-70-3111010 :: fax. +31-70-3111011
PGP 92BB81D1 fingerprint 0059 7D7B C02B 38D2 A853 2785 8C87 3AF1
Today's excuse: telnet: Unable to connect to remote host: Connection refused
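A worked version of the advice above, added here as an example and not part of the original message or of /etc/rc.firewall: a small sh function that prints the ipfw rules for a name server at $oip, covering incoming queries (UDP, plus TCP with "setup" for large answers and zone transfers), the outgoing UDP replies, and the lookups the server itself sends out. The address 192.0.2.53, the variable names and the function name are placeholders of my own. The ipfw keywords used (setup, established, check-state, keep-state) are real ipfw syntax, but whether keep-state is available depends on the FreeBSD version in use.

```shell
#!/bin/sh
# Added example, not from the original message or /etc/rc.firewall.
# Prints ipfw rules that let a DNS server on $oip answer queries from
# the outside world. Dry-run by default; pipe the output into sh as
# root to apply it. Assumes an otherwise working ipfw ruleset.

# dns_server_rules CMD OIP
#   CMD  - the ipfw command, e.g. "ipfw" (placeholder: any prefix works)
#   OIP  - the server's own address (placeholder: 192.0.2.53 below)
dns_server_rules() {
    fwcmd="$1"
    oip="$2"

    # Let already-known dynamic sessions (see keep-state below) through
    # before any static rule is consulted.
    echo "${fwcmd} add check-state"

    # Incoming queries. Match only the DESTINATION port: a client's
    # source port is almost never 53, which is why a rule like
    # "tcp from any 53 to ${oip} 53" matches nothing useful.
    echo "${fwcmd} add pass udp from any to ${oip} 53"
    # TCP is used for answers too big for UDP and for zone transfers;
    # "setup" admits only the connection-opening SYN.
    echo "${fwcmd} add pass tcp from any to ${oip} 53 setup"

    # Outgoing replies, the other half of the conversation.
    echo "${fwcmd} add pass udp from ${oip} 53 to any"
    # TCP replies ride on the usual rule for established connections.
    echo "${fwcmd} add pass tcp from any to any established"

    # Lookups the server makes itself (recursion, forwarding): they
    # leave from a high port towards port 53. keep-state records each
    # one so only the matching answer comes back. The stateless
    # alternative, "pass udp from any 53 to ${oip}", would admit any
    # packet whose sender simply chose source port 53.
    echo "${fwcmd} add pass udp from ${oip} to any 53 keep-state"
}

# Count the rules a ruleset prints; handy for a quick sanity check.
dns_rule_count() {
    dns_server_rules "$1" "$2" | grep -c ''
}

# Dry run with placeholder values; "dns_server_rules ipfw 192.0.2.53 | sh"
# as root would load them.
dns_server_rules "${fwcmd:-ipfw}" "${oip:-192.0.2.53}"
```

The order matters: ipfw processes rules top to bottom and these are appended in the order printed, so they must land before any final deny rule in the existing ruleset. With logging enabled on that deny rule, a query that still fails shows up there with its real source port, which is the quickest way to see which direction is being dropped.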
