Date: Sun, 21 Nov 2004 01:12:50 +0100
From: Emil Khatib <fenomenoxp2@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: host name lookup failure under 4.9
Message-ID: <dd9992320411201612322d4d3f@mail.gmail.com>
In-Reply-To: <41976C23.2080602@mac.com>
References: <dd999232041114061645000810@mail.gmail.com> <41976C23.2080602@mac.com>
I've finally found the problem: I've been using natd without enabling
IPDIVERT in the kernel. I guess that was the problem, as everything now
works properly. Thanks for your help.

On Sun, 14 Nov 2004 09:30:59 -0500, Chuck Swiger <cswiger@mac.com> wrote:
> Emil Khatib wrote:
> [ ... ]
> > The firewall rules are:
> >
> > pass udp from me to any 53 keep-state
> > pass tcp from me to any 20 keep-state
> > pass tcp from me to any 21 keep-state
> > pass tcp from me to any 80 keep-state
> >
> > So I want to allow DNS, FTP and HTTP.
>
> Your rules aren't enough to work right; at the very least, you need a
> check-state rule to permit return traffic to the connections you approve of
> via the keep-state keyword. I suggest you examine /etc/rc.firewall carefully
> and look at the example rulesets there.
>
> Also, while you can use IPFW and natd in conjunction with PPP via the tun0
> interface, doing so is more complicated than need be since PPP already has
> firewall and NAT'ing capabilities built-in. Using them directly via your
> ppp.conf might be easier.
>
> --
> -Chuck
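
A small lint for the two problems this thread identifies (natd used without `options IPDIVERT` in the kernel, and keep-state rules with no check-state rule), added here as an example and not part of the original messages. The function names, finding labels, the divert rule and the kernel config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an ipfw rule list and a kernel config for the two
# problems raised in this thread. All sample input below is constructed.

# Rules from the original post, plus a divert rule of the kind natd relies on
# (the divert line is an assumption; the post does not show it).
RULES='divert natd all from any to any via tun0
pass udp from me to any 53 keep-state
pass tcp from me to any 20 keep-state
pass tcp from me to any 21 keep-state
pass tcp from me to any 80 keep-state'

# Constructed kernel config fragment: IPFIREWALL set, IPDIVERT commented out.
KERNCONF='options IPFIREWALL
#options IPDIVERT'

# strip_comments TEXT: drop "#" comments and blank lines.
strip_comments() {
    printf '%s\n' "$1" | sed -e 's/#.*//' -e '/^[[:space:]]*$/d'
}

# lint_setup RULES KERNCONF: print one finding per line.
# Exit status is 0 when nothing was found, 1 otherwise.
lint_setup() {
    rules=$(strip_comments "$1")
    conf=$(strip_comments "$2")
    findings=0
    # Stateful rules without an explicit check-state rule.
    if printf '%s\n' "$rules" | grep -q 'keep-state' &&
       ! printf '%s\n' "$rules" | grep -q 'check-state'; then
        echo "NO_CHECK_STATE: keep-state rules present but no check-state rule"
        findings=1
    fi
    # A divert rule (natd) needs divert socket support compiled into the kernel.
    if printf '%s\n' "$rules" | grep -Eq '(^|[[:space:]])divert[[:space:]]' &&
       ! printf '%s\n' "$conf" |
         grep -Eq '^[[:space:]]*options[[:space:]]+IPDIVERT([[:space:]]|$)'; then
        echo "NO_IPDIVERT: divert rule present but kernel config lacks options IPDIVERT"
        findings=1
    fi
    return $findings
}

lint_setup "$RULES" "$KERNCONF" || true
```
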