From owner-freebsd-questions Mon Sep 27 12:17:51 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from diablo.peritek.com (diablo.peritek.com [198.151.249.9]) by hub.freebsd.org (Postfix) with ESMTP id 2D89014FA2 for ; Mon, 27 Sep 1999 12:17:47 -0700 (PDT) (envelope-from ibjoe@home.com)
Received: from neptune (neptune [198.151.249.84]) by diablo.peritek.com (8.8.7/8.8.7) with SMTP id MAA10279; Mon, 27 Sep 1999 12:16:25 -0700 (PDT)
X-Envelope-From: ibjoe@home.com
X-Envelope-To: freebsd-questions@freebsd.org
Message-Id: <2.2.32.19990927191625.00926dbc@netmail.home.com>
X-Sender: ibjoe@netmail.home.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 27 Sep 1999 12:16:25 -0700
To: Ruslan Ermilov
From: Joe Bo
Subject: Re: ipfw, natd and DNS
Cc: freebsd-questions@freebsd.org
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi Ruslan, you wrote:

>Argh, Joe :-(
>You didn't mention that you have modified a stock rc.firewall!
>When you have modified it, you deleted some lines, in particular,
>
># Allow access to our DNS
>$fwcmd add pass tcp from any to ${oip} 53 setup
>
>That's the 1st reason that the DNS doesn't work for you.

Oops, sorry! I tried to take out what I didn't need, and since originally I wasn't using named I didn't think I needed it. I forgot to add it back! Or maybe I thought that because I only wanted my internal net to access my DNS I didn't need the rule for ${oip}. I did put it back.

>Also, please note the comment at the beginning of the ``simple'' section
>in rc.firewall, which states:
>:
>: ############
>: # This is a prototype setup for a simple firewall. Configure this machine
>: # as a named server and ntp server, and point all the machines on the inside
>: # at this machine for those services.
>: ############
>: (your comment rephrased):
>This means that all your should be configured to
>use as a DNS server,
>but not , and this is the 2nd reason
>of failing DNS.

OK. The other stupid thing I forgot to do was to reconfigure the internal net PCs to use for DNS server; they were still set up to use . But I must have something wrong with the way I set up named, because when I made those changes (and rebooted) the PCs can no longer get out at all. I don't remember the error messages verbatim, but they had to do with not having a valid DNS server. I'm not getting any firewall rejects.

I wonder if I can use my instead of my for DNS since my inside network is private (RFC1918 type)?

I haven't had a chance to try and track down the named problem yet; I should work on it more before asking for help. But if you have any pointers I'm listening!

Once again, thanks much for your help,
Joe

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
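Joe's question of whether the inside hosts can use the firewall's inside address for DNS, worked as an added shell example (not code from the thread or from FreeBSD's rc.firewall): it reuses the variable names of rc.firewall's simple section (oip, iip, inet, imask) with constructed placeholder addresses, prints the rules instead of loading them (fwcmd set to echo), and adds a check that no rule opens port 53 on the outside address to the whole Internet.

```shell
#!/bin/sh
# Added example, not from the thread. DNS rules for a "simple" rc.firewall
# layout where this host runs named for the inside LAN only.
# fwcmd="echo ipfw" makes this a dry run: rules are printed, not loaded.
fwcmd="echo ipfw"

# Variable names follow rc.firewall's simple section; values are constructed.
oip="192.0.2.10"        # outside interface address
iip="192.168.1.1"       # inside interface address (what the PCs point at)
inet="192.168.1.0"      # inside (RFC1918) network
imask="255.255.255.0"   # inside netmask

dns_rules() {
    # Inside hosts query named on the inside address, both UDP and TCP.
    # Nothing here passes port 53 on ${oip} from "any", so the resolver is
    # reachable from the LAN but not from the outside world.
    ${fwcmd} add pass udp from ${inet}:${imask} to ${iip} 53
    ${fwcmd} add pass udp from ${iip} 53 to ${inet}:${imask}
    ${fwcmd} add pass tcp from ${inet}:${imask} to ${iip} 53 setup

    # named itself still has to reach outside name servers to recurse.
    ${fwcmd} add pass udp from ${oip} to any 53
    ${fwcmd} add pass udp from any 53 to ${oip}
    ${fwcmd} add pass tcp from ${oip} to any 53 setup
}

# Returns 0 when no generated rule lets "any" reach port 53 on ${oip}.
check_no_public_dns() {
    ! dns_rules | grep -q "from any to ${oip} 53"
}

dns_rules
check_no_public_dns && echo "ok: DNS on ${oip} is not open to the world"
```

The TCP rules rely on the simple section's usual "pass tcp from any to any established" rule for return traffic, which this fragment does not repeat.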