Date: Sun, 21 Apr 2002 08:10:04 -0700 (PDT)
From: "Earl A. Killian" <earl@killian.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/37301: 4.5 rc.firewall type simple does not pass icmp, or inside to gateway udp
Message-ID: <200204211510.g3LFA4g82132@freefall.freebsd.org>
The following reply was made to PR misc/37301; it has been noted by GNATS.

From: "Earl A. Killian" <earl@killian.com>
To: "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/37301: 4.5 rc.firewall type simple does not pass icmp, or inside to gateway udp
Date: Sun, 21 Apr 2002 08:06:16 -0700

Crist J. Clark writes:
> Date: Sun, 21 Apr 2002 01:19:05 -0700
> From: "Crist J. Clark" <cjc@FreeBSD.ORG>
>
> You are missing,
>
> # Allow access to our DNS
> ${fwcmd} add pass tcp from any to ${oip} 53 setup
> ${fwcmd} add pass udp from any to ${oip} 53
> ${fwcmd} add pass udp from ${oip} 53 to any
>
> Which allow internal machines to reach the DNS server on the
> gateway. Remember,

But note the ${oip}. My DNS was returning ${iip} for the address of my
internal gateway, so these rules did not apply. This is my original
complaint.

> ############
> # This is a prototype setup for a simple firewall. Configure this
> # machine as a named server and ntp server, and point all the machines
> # on the inside at this machine for those services.
> ############
>
> (Not that the rules actually work for NTP. ;)

I guess the comment needs to say point all the machines on the inside at
the outside address of this machine.
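As an added illustration of the point the thread makes (this is not code from the PR or from rc.firewall), the script below simulates the three quoted DNS pass rules against a few packets: a query from an inside host to the gateway's inside address ${iip} matches none of them and falls through to the default deny, while the same query to ${oip} passes. The addresses, the glob used for the inside network, and the alternative rule set that also accepts DNS on ${iip} from inside hosts only are all constructed assumptions for the example; real ipfw also checks TCP flags for `setup`, which this simulation ignores.

```shell
#!/bin/sh
# Constructed addresses for the simulation (not from the PR).
oip=192.0.2.1            # gateway outside address, ${oip}
iip=10.0.0.1             # gateway inside address, ${iip}
inside_net='10.0.0.*'    # inside network as a shell glob (simplification)

# Evaluate one packet (proto src sport dst dport) against the DNS rules
# quoted in the PR, in order. Prints "pass" if a rule matches, otherwise
# "deny" to stand in for the default deny at the end of the ruleset.
simple_dns_rule() {
  proto=$1 src=$2 sport=$3 dst=$4 dport=$5
  # ${fwcmd} add pass tcp from any to ${oip} 53 setup
  if [ "$proto" = tcp ] && [ "$dst" = "$oip" ] && [ "$dport" = 53 ]; then
    echo pass; return
  fi
  # ${fwcmd} add pass udp from any to ${oip} 53
  if [ "$proto" = udp ] && [ "$dst" = "$oip" ] && [ "$dport" = 53 ]; then
    echo pass; return
  fi
  # ${fwcmd} add pass udp from ${oip} 53 to any   (replies from the server)
  if [ "$proto" = udp ] && [ "$src" = "$oip" ] && [ "$sport" = 53 ]; then
    echo pass; return
  fi
  echo deny
}

# Assumed alternative (not what the PR proposes): additionally accept DNS on
# the inside address, but only from inside hosts, and let the replies back,
# so resolvers pointed at ${iip} work without exposing anything to the outside.
dns_rule_with_iip() {
  proto=$1 src=$2 sport=$3 dst=$4 dport=$5
  case "$src" in
    $inside_net) if [ "$dst" = "$iip" ] && [ "$dport" = 53 ]; then echo pass; return; fi ;;
  esac
  case "$dst" in
    $inside_net) if [ "$proto" = udp ] && [ "$src" = "$iip" ] && [ "$sport" = 53 ]; then echo pass; return; fi ;;
  esac
  simple_dns_rule "$@"   # fall back to the original rules
}

# Inside host 10.0.0.5 queries the resolver address it was handed:
simple_dns_rule   udp 10.0.0.5    5353 "$iip" 53   # deny: the PR's complaint
simple_dns_rule   udp 10.0.0.5    5353 "$oip" 53   # pass: what the comment should say
dns_rule_with_iip udp 10.0.0.5    5353 "$iip" 53   # pass
dns_rule_with_iip udp 203.0.113.9 5353 "$iip" 53   # deny: outside hosts still cannot use ${iip}
```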