Date: Wed, 18 May 2005 11:08:03 -0600 From: Stephane Raimbault <stephane@enertiasoft.com> To: Jose Hidalgo <jose@hostarica.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: named error sending response: permision denied Message-ID: <DBDEAE42-4CD3-4989-AEB8-CF4794942240@enertiasoft.com> In-Reply-To: <1116435784.34699.23.camel@jose> References: <39F3A41D-9555-452F-8B41-3EA03E1AC460@enertiasoft.com> <1116435784.34699.23.camel@jose>
next in thread | previous in thread | raw e-mail | index | archive | help
On 18-May-05, at 11:03 AM, Jose Hidalgo wrote:
> On Wed, 2005-05-18 at 10:51 -0600, Stephane Raimbault wrote:
>
>
>> I also noticed these errors in my ipfw.log file:
>>
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:3371 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:1420 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:2961 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:4701 in via vlan1
>>
>
>
> As you can see and according with the ACLs, you have
> the problem when 204.9.110.134 is the client of
> the dns queries.
>
> You may need to add
>
> ${fwcmd} add pass udp from ${ip2} to any 53 keep state
>
Actually... I already had this in another part of my ipfw rules
${fwcmd} add pass udp from ${ip2} to any 53 keep-state
the server itself can also make dns requests out... however it still
seems that requests (not all) are getting kaboshed by something.
> or you may want to reduce the number of rules with:
>
> ${fwcmd} add pass udp from any to any 53 keep state
>
> --
> Jose Hidalgo <jose@hostarica.com>
> Corp. Hostarica S.A.
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DBDEAE42-4CD3-4989-AEB8-CF4794942240>