Date: Wed, 18 May 2005 11:08:03 -0600
From: Stephane Raimbault <stephane@enertiasoft.com>
To: Jose Hidalgo <jose@hostarica.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: named error sending response: permision denied
Message-ID: <DBDEAE42-4CD3-4989-AEB8-CF4794942240@enertiasoft.com>
In-Reply-To: <1116435784.34699.23.camel@jose>
References: <39F3A41D-9555-452F-8B41-3EA03E1AC460@enertiasoft.com> <1116435784.34699.23.camel@jose>
On 18-May-05, at 11:03 AM, Jose Hidalgo wrote:

> On Wed, 2005-05-18 at 10:51 -0600, Stephane Raimbault wrote:
>
>> I also noticed these errors in my ipfw.log file:
>>
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:2961 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:4701 in via vlan1
>
> As you can see and according to the ACLs, you have
> the problem when 204.9.110.134 is the client of
> the dns queries.
>
> You may need to add
>
> ${fwcmd} add pass udp from ${ip2} to any 53 keep-state

Actually... I already had this in another part of my ipfw rules

${fwcmd} add pass udp from ${ip2} to any 53 keep-state

the server itself can also make dns requests out... however it still seems that requests (not all) are getting kiboshed by something.

> or you may want to reduce the number of rules with:
>
> ${fwcmd} add pass udp from any to any 53 keep-state
>
> --
> Jose Hidalgo <jose@hostarica.com>
> Corp. Hostarica S.A.
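
An added example, not part of the original message or of either poster's configuration: a small Python triage script that counts denied inbound UDP packets with source port 53 in ipfw.log entries like those quoted above, i.e. DNS replies that fell through to a deny rule. The function name `dropped_dns_replies` and the last three sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Layout of the ipfw log entries quoted in the message above.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def dropped_dns_replies(lines):
    """Count denied inbound UDP packets from port 53 to a non-privileged port.

    Returns a Counter keyed by (rule number, resolver IP, local IP).
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not an ipfw entry with address:port pairs
        is_reply = (m["action"] == "Deny" and m["proto"] == "UDP"
                    and m["dir"] == "in" and m["sport"] == "53"
                    and int(m["dport"]) >= 1024)
        if is_reply:
            hits[(int(m["rule"]), m["src"], m["dst"])] += 1
    return hits

SAMPLE = [
    # First two lines are from the thread; the remaining three are constructed.
    "May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1",
    "May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1",
    "May 18 06:41:10 enertia1 /kernel: ipfw: 65000 Deny TCP 192.0.2.7:40112 204.9.110.134:22 in via vlan1",
    "May 18 06:41:12 enertia1 /kernel: ipfw: 65000 Deny UDP 192.0.2.9:5353 204.9.110.134:53 in via vlan1",
    "May 18 06:41:15 enertia1 /kernel: ipfw: 65000 Deny UDP 198.51.100.5:53 204.9.110.134:2048 in via vlan1",
]

if __name__ == "__main__":
    for (rule, resolver, local), n in dropped_dns_replies(SAMPLE).most_common():
        print(f"rule {rule}: {n} reply packet(s) from {resolver}:53 to {local} denied")
```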