Date:      Wed, 18 May 2005 11:03:04 -0600
From:      Jose Hidalgo <jose@hostarica.com>
To:        Stephane Raimbault <stephane@enertiasoft.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: named error sending response: permision denied
Message-ID:  <1116435784.34699.23.camel@jose>
In-Reply-To: <39F3A41D-9555-452F-8B41-3EA03E1AC460@enertiasoft.com>
References:  <39F3A41D-9555-452F-8B41-3EA03E1AC460@enertiasoft.com>

On Wed, 2005-05-18 at 10:51 -0600, Stephane Raimbault wrote:

> I also noticed these errors in my ipfw.log file:
> 
> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1
> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1
> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:2961 in via vlan1
> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:4701 in via vlan1


As you can see, and according to the ACLs, you have
the problem when 204.9.110.134 is the client of
the DNS queries.

You may need to add

${fwcmd} add pass udp from ${ip2} to any 53 keep-state

or you may want to reduce the number of rules with:

${fwcmd} add pass udp from any to any 53 keep-state

-- 
Jose Hidalgo <jose@hostarica.com>
Corp. Hostarica S.A.
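
An added example, not part of the original message: a small log check that finds the pattern diagnosed above, inbound UDP from source port 53 hitting a deny rule, and groups it by the local address whose outbound DNS queries lack a stateful pass rule. The function name, the port threshold of 1024 and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Field layout as seen in the quoted ipfw.log entries:
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def denied_dns_replies(lines):
    """Return {local_ip: {"rules", "servers", "ports"}} for denied DNS replies.

    A denied *inbound* UDP packet with source port 53 and an unprivileged
    destination port is an answer to a query the local host sent, so the
    local host was acting as a DNS client without a keep-state rule.
    """
    hits = defaultdict(lambda: {"rules": set(), "servers": set(), "ports": set()})
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not an ipfw packet log entry
        is_reply = (m["action"] == "Deny" and m["proto"] == "UDP"
                    and m["dir"] == "in" and m["sport"] == "53"
                    and int(m["dport"]) >= 1024)  # assumed ephemeral range
        if is_reply:
            entry = hits[m["dst"]]
            entry["rules"].add(int(m["rule"]))
            entry["servers"].add(m["src"])
            entry["ports"].add(int(m["dport"]))
    return dict(hits)

# First two lines are from the quoted log; the last two are constructed
# counter-examples (a denied SSH attempt and a denied inbound DNS query).
SAMPLE = [
    "May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1",
    "May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1",
    "May 18 06:41:10 enertia1 /kernel: ipfw: 65000 Deny TCP 192.0.2.7:40112 204.9.110.134:22 in via vlan1",
    "May 18 06:41:12 enertia1 /kernel: ipfw: 65000 Deny UDP 192.0.2.7:5353 204.9.110.134:53 in via vlan1",
]

if __name__ == "__main__":
    for ip, info in denied_dns_replies(SAMPLE).items():
        print(f"{ip}: {len(info['ports'])} DNS replies denied by rule(s) "
              f"{sorted(info['rules'])} from {sorted(info['servers'])}")
```

Each address it reports is a host that needs the outbound `keep-state` rule; the set of servers shows which resolvers the dropped answers came from.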


