Date:      Thu, 11 Apr 2002 16:33:59 -0400
From:      "Moti" <moti@flncs.com>
To:        "Bob Kersten" <bob@fellownet.org>, <freebsd-questions@freebsd.org>
Subject:   Re: again...
Message-ID:  <054c01c1e198$36009150$fd6e34c6@mlevy>
References:  <001201c1e168$c16a92c0$2849a8c0@kerstenz6r4278>

Assuming you use bind8+ you can use the allow-query option in named.conf and
put only your internal net.
something like
allow-query { 10.1.1.0/24; };

----- Original Message -----
From: "Bob Kersten" <bob@fellownet.org>
To: <freebsd-questions@freebsd.org>
Sent: Thursday, April 11, 2002 10:53 AM
Subject: again...


> Hi,
>
>     I'm running named on my server to allow the users of my internal
> network to fill in this server as their DNS server. This server has
> two NICs, one for the external (internet) connection and one for
> internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and
> up. This is working just fine, but I discovered that I can use this
> server as my DNS server from my computer at work (outside my internal
> network) by entering the IP I got from my ISP and which I have setup
> for the first NIC I mentioned above.
>
>     I don't know if this makes the situation clear for you, but I
> would like to restrict access to my DNS server from outside and only
> allow the internal clients to use the server for their DNS.
>
>     Can this be done, and if so, how? I'm using natd to route traffic
> from my internal network to the internet. Below is a copy of my
> rc.conf.
>
> Thnx in advance for every given answer,
>  Bob.
>
> [rc.conf]
>
> defaultrouter="213.51.184.1"
> gateway_enable="YES"
> hostname="buffy.fellownet.org"
>
> ifconfig_ed0="inet 213.51.186.212  netmask 255.255.252.0"
> ifconfig_ed1="inet 10.0.0.1        netmask 255.255.255.0"
>
> inetd_enable="YES"
> inetd_flags="-l"
>
> kern_securelevel_enable="NO"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> named_enable="YES"
> sshd_enable="YES"
>
> ntpdate_enable="YES"
> ntpdate_flags="ntp0.nl.net"
>
> tcp_extensions="YES"
> router_enable="NO"
>
> firewall_enable="YES"
> firewall_type="OPEN"
>
> natd_enable="YES"
> natd_program="/sbin/natd"
> natd_interface="ed0"
> natd_flags=""
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>
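
Added example (not part of the original thread): a small Python check to run after changing named.conf, once from a machine outside the internal network against the server's external address and once from an internal client. It sends one recursive A query and reports whether the server refused it, answered it, or stayed silent; the query name example.org, the function names and the verdict labels are choices made for this example.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qid=0x1234):
    """Encode a recursive (RD=1) A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in name.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def classify(response, qid=0x1234):
    """Return (verdict, rcode name) for a raw DNS reply to build_query()."""
    if len(response) < 12:
        return ("malformed", None)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit says "query"
        return ("malformed", None)
    rcode = flags & 0x000F
    name = RCODES.get(rcode, str(rcode))
    if rcode == 5:
        return ("restricted", name)       # server refused this client
    if flags & 0x0080 or ancount:         # RA set, or answer records returned
        return ("open", name)
    return ("no-recursion", name)


def probe(server, name="example.org", timeout=3.0):
    """Send one UDP query to server:53 and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            data, _addr = sock.recvfrom(512)
        except socket.timeout:
            return ("no-reply", None)
    return classify(data)


if __name__ == "__main__" and len(sys.argv) > 1:
    print(sys.argv[1], probe(sys.argv[1]))
```

From outside, "restricted" or "no-reply" means the external address no longer resolves names for strangers; "open" from outside means the restriction is not in effect.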