Date:      Wed, 26 Dec 2001 12:56:48 -0800 (PST)
From:      X Philius <xphilius@yahoo.com>
To:        "Thomas T. Veldhouse" <veldy@veldy.net>, security@freebsd.org
Subject:   Re: Help with ipfw rules to allow DNS queries through
Message-ID:  <20011226205648.87285.qmail@web11801.mail.yahoo.com>
In-Reply-To: <00ea01c18e4b$19edf0c0$3028680a@tgt.com>

Thomas (and other helpful security folks),
This is exactly what I am using, and it does not seem to work. Perhaps
it is NAT messing me up. I am behind a Cisco router that is doing the
NAT for me, but as far as I know it is wide open between me and the
net, other than a straight translation from my internal address to my
external address. Hmmm. However, I can access another DNS server as a
client with the default open rule set, but not with this set in place.
This makes me think that NAT is *not* the problem. I would also like to
get set up as a primary and/or secondary DNS server (going to set up a
swap with a friend, the usual low-rent DNS setup ;-), so just
accessing an external name server as a client is not the ultimate goal.
I would also like to allow others to access my machine as a DNS server,
and to be authoritative on some domains. Any suggestions?

Jason

--- "Thomas T. Veldhouse" <veldy@veldy.net> wrote:
> Try replacing your DNS rules with this:
> 
> # Allow access to our DNS
> ${fwcmd} add pass tcp from any to ${ip} 53 setup
> ${fwcmd} add pass udp from any to ${ip} 53
> ${fwcmd} add pass udp from ${ip} 53 to any
> 
> Straight out of /etc/rc.firewall.  I don't think the first line is really
> necessary, and in fact, it probably allows zone transfers, so if you don't
> want these, don't include it.


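As an added example (not code from either message in this thread), here is a dry-run ipfw rule set covering both roles discussed above: answering and transferring zones as a server, and looking names up as a client, where the quoted rc.firewall rules only match traffic whose local port is 53. The addresses, the `secondary` variable and the use of `echo ipfw` as `fwcmd` are assumptions made for the example.

```shell
#!/bin/sh
# Constructed placeholders: RFC 5737 addresses, and "echo ipfw" so the
# rules are printed rather than loaded. Set fwcmd=/sbin/ipfw to load them.
ip="${ip:-192.0.2.10}"                  # this host's address (constructed)
secondary="${secondary:-198.51.100.5}"  # the friend's secondary (constructed)
fwcmd="${fwcmd:-echo ipfw}"             # dry run by default

dns_rules() {
    # Let replies matched by the keep-state rules below back in.
    ${fwcmd} add check-state

    # Server role (as in rc.firewall): anyone may query us over UDP,
    # and our answers leave from port 53.
    ${fwcmd} add pass udp from any to ${ip} 53
    ${fwcmd} add pass udp from ${ip} 53 to any

    # Client role: a resolver or named querying from an ephemeral port is
    # NOT covered by the two rules above. keep-state admits only the reply
    # to each query instead of opening inbound UDP generally.
    ${fwcmd} add pass udp from ${ip} to any 53 keep-state

    # Zone transfers (and truncated answers) use TCP 53. Rather than
    # "from any", accept inbound TCP only from the host allowed to pull
    # our zones.
    ${fwcmd} add pass tcp from ${secondary} to ${ip} 53 setup

    # Our own outbound TCP 53: pulling the friend's zones as a secondary,
    # or retrying a truncated UDP answer.
    ${fwcmd} add pass tcp from ${ip} to any 53 setup keep-state
}

dns_rules
```

Run it as-is to review the generated rules; with a real BIND setup, confirm `named` is not also configured to force a query source port, since that changes which rule its outbound queries match.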
