Date: Tue, 30 Oct 2001 01:20:01 +0500
From: "Ahsan Ali" <ahsan@khi.comsats.net.pk>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Re: Firewall on 4.4
Message-ID: <00b301c160b7$185e9d20$0100a8c0@ahsanalikh>
References: <DBEEJCFFMKHFOCLJLKFBGEJGCAAA.ben@alohagrowers.com> <200110301456.f9UEt4l29746@ashram.rhavenn.net>

Slight correction to be made here - DNS uses UDP for the most part, but DNS
queries greater than a certain length use TCP. Therefore if you allow only UDP
through, DNS may seem to work perfectly fine most of the time but break
occasionally for apparently "no" reason. :)

----- Original Message -----
From: "Henrik Hudson" <lists@rhavenn.net>
To: "Ben Witkowski" <ben@alohagrowers.com>; <freebsd-questions@FreeBSD.ORG>
Sent: Monday, October 29, 2001 8:00 PM
Subject: Re: Firewall on 4.4

> You have of course modified /etc/rc.firewall and the "simple" section for your
> specific setup, right?
>
> Basic DNS queries run over UDP if I remember correctly, so I would start by
> checking your setup in /etc/rc.firewall and making sure both interfaces are
> being allowed in/out, etc...
>
> Henrik
>
> On Monday 29 October 2001 02:42, Ben Witkowski wrote:
> > FreeBSD firewall.unitedglobaltrading.com 4.4-STABLE FreeBSD 4.4-STABLE #2:
> > Thu Sep 27 18:02:08 PDT 2001
> > ben@firewall.unitedglobaltrading.com:/usr/obj/usr/src/sys/FIREWALL i386
> >
> > i've installed a primary dns server on the above machine.
> >
> > the firewall is running "open", as "simple" type doesn't allow tcp traffic
> > through..we still don't know why..
> >
> > the main question/problem is the name server.
> > it resolves hostnames fine on the internal network, but not on the outside
> > interface. is there some firewall config to allow the name server to send
> > and receive queries from ports other than 53? or should i consider
> > re-configuring bind to revert to its old behavior with the query-source
> > substatement? or is there any other known config elsewhere that might be
> > causing this?
> >
> > much appreciation..
> >
> > -ben
> > aloha, oregon
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
>
> Henrik Hudson
> lists@rhavenn.net
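
The failure mode described in this message, as an added example that is not part of the original e-mail: a model of a resolver behind a firewall that passes only UDP on port 53, showing that lookups fail only when the reply is too large for UDP. It assumes the classic 512-byte DNS-over-UDP limit (RFC 1035, no EDNS0); the reply body is constructed padding and the function names are hypothetical.

```python
import struct

UDP_LIMIT = 512      # classic DNS-over-UDP message size limit (assumes no EDNS0)
FLAG_QR = 0x8000     # header flag: message is a response
FLAG_TC = 0x0200     # header flag: truncated, full answer did not fit in UDP


def udp_reply(txid: int, full_message_len: int) -> bytes:
    """Constructed stand-in for the UDP reply a server sends for one query.

    Only the 12-byte header is real DNS wire format. The body is zero padding
    of the right size (section counts left at 0), because the firewall outcome
    depends only on the message size and the TC bit.
    """
    flags = FLAG_QR
    body_len = full_message_len - 12
    if full_message_len > UDP_LIMIT:
        flags |= FLAG_TC   # tell the client to ask again over TCP
        body_len = 0       # simplification: truncated reply is header only
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0) + b"\x00" * body_len


def is_truncated(message: bytes) -> bool:
    """Return True if the TC bit is set in a DNS message header."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    _txid, flags, *_counts = struct.unpack("!HHHHHH", message[:12])
    return bool(flags & FLAG_TC)


def lookup(full_message_len: int, allowed: set) -> str:
    """Outcome of one lookup given which protocols the firewall passes on port 53."""
    if "udp" not in allowed:
        return "fail: udp/53 blocked"
    reply = udp_reply(0x1234, full_message_len)
    if not is_truncated(reply):
        return "ok via udp"
    if "tcp" in allowed:
        return "ok via tcp retry"
    return "fail: truncated reply, tcp/53 blocked"


if __name__ == "__main__":
    for size in (90, 512, 513, 1400):          # constructed answer sizes in bytes
        for policy in ({"udp"}, {"udp", "tcp"}):
            print(size, sorted(policy), "->", lookup(size, policy))
```

With the UDP-only policy the 90- and 512-byte answers succeed and the 513- and 1400-byte answers fail, which is the "works most of the time" symptom.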