Date: Thu, 11 Apr 2002 16:33:59 -0400 From: "Moti" <moti@flncs.com> To: "Bob Kersten" <bob@fellownet.org>, <freebsd-questions@freebsd.org> Subject: Re: again... Message-ID: <054c01c1e198$36009150$fd6e34c6@mlevy> References: <001201c1e168$c16a92c0$2849a8c0@kerstenz6r4278>
next in thread | previous in thread | raw e-mail | index | archive | help
Asuming you use bind8+ you can use the allow-query option in named.conf and put only your internal net. somthing like allow-query { 10.1.1.0/24;} ----- Original Message ----- From: "Bob Kersten" <bob@fellownet.org> To: <freebsd-questions@freebsd.org> Sent: Thursday, April 11, 2002 10:53 AM Subject: again... > Hi, > > I'm running named on my server to allow the users of my internal > network to fill in this server as their DNS server. This server has > two NIC's, one for the external (internet) connection and one for > internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and > up. This is working just fine, but I discovered that I can use this > server as my DNS server from my computer at work (outside my internal > network) by entering the IP I got from my ISP and which I have setup > for the first NIC I mentioned above. > > I don't know if this makes the situation clear for you, but I > would like to restrict access to my DNS server from outside and only > allow the internal clients to use the server for their DNS. > > Can this be done, and if so, how? I'm using natd to route traffic > from my internal network to the internet. Below is a copy of my > rc.conf. > > Thnx in advance for every givin answer, > Bob. > > [rc.conf] > > defaultrouter="213.51.184.1" > gateway_enable="YES" > hostname="buffy.fellownet.org" > > ifconfig_ed0="inet 213.51.186.212 netmask 255.255.252.0" > ifconfig_ed1="inet 10.0.0.1 netmask 255.255.255.0" > > inetd_enable="YES" > inetd_flags="-l" > > kern_securelevel_enable="NO" > nfs_reserved_port_only="YES" > sendmail_enable="YES" > named_enable="YES" > sshd_enable="YES" > > ntpdate_enable="YES" > ntpdate_flags="ntp0.nl.net" > > tcp_extensions="YES" > router_enable="NO" > > firewall_enable="YES" > firewall_type="OPEN" > > natd_enable="YES" > natd_program="/sbin/natd" > natd_interface="ed0" > natd_flags="" > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?054c01c1e198$36009150$fd6e34c6>