From owner-freebsd-questions Mon Oct 29 12:17:35 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from khi.comsats.net.pk (khi.comsats.net.pk [210.56.4.10]) by hub.freebsd.org (Postfix) with ESMTP id 173E737B403 for ; Mon, 29 Oct 2001 12:17:25 -0800 (PST)
Received: from ahsanalikh (ppp7-050khi.comsats.net.pk [210.56.7.50]) by khi.comsats.net.pk (8.11.4/8.11.4) with SMTP id f9TKFtV05177 for ; Tue, 30 Oct 2001 01:15:56 +0500 (PKT)
Message-ID: <00b301c160b7$185e9d20$0100a8c0@ahsanalikh>
From: "Ahsan Ali"
References: <200110301456.f9UEt4l29746@ashram.rhavenn.net>
Subject: Re: Firewall on 4.4
Date: Tue, 30 Oct 2001 01:20:01 +0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-Archive: (Web Archive)
List-Help: (List Instructions)
X-Loop: FreeBSD.ORG

Slight correction to be made here - DNS uses UDP for the most part, but DNS
queries greater than a certain length use TCP. Therefore, if you allow only
UDP through, DNS may seem to work perfectly fine most of the time but break
occasionally for apparently "no" reason. :)

----- Original Message -----
From: "Henrik Hudson"
To: "Ben Witkowski" ;
Sent: Monday, October 29, 2001 8:00 PM
Subject: Re: Firewall on 4.4

> You have of course modified /etc/rc.firewall and the "simple" section for
> your specific setup, right?
>
> Basic DNS queries run over UDP if I remember correctly, so I would start by
> checking your setup in /etc/rc.firewall and making sure both interfaces are
> being allowed in/out, etc...
>
> Henrik
>
> On Monday 29 October 2001 02:42, Ben Witkowski wrote:
> > FreeBSD firewall.unitedglobaltrading.com 4.4-STABLE FreeBSD 4.4-STABLE #2:
> > Thu Sep 27 18:02:08 PDT 2001
> > ben@firewall.unitedglobaltrading.com:/usr/obj/usr/src/sys/FIREWALL i386
> >
> > I've installed a primary DNS server on the above machine.
> >
> > The firewall is running "open", as the "simple" type doesn't allow TCP
> > traffic through... we still don't know why.
> >
> > The main question/problem is the name server. It resolves hostnames fine
> > on the internal network, but not on the outside interface. Is there some
> > firewall config to allow the name server to send and receive queries from
> > ports other than 53? Or should I consider re-configuring BIND to revert to
> > its old behavior with the query-source substatement? Or is there any other
> > known config elsewhere that might be causing this?
> >
> > Much appreciation..
> >
> > -ben
> > aloha, oregon
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
> Henrik Hudson
> lists@rhavenn.net
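The failure mode Ahsan describes above (UDP-only rules that "mostly work"), as an added example that is not code from this thread or from FreeBSD: a small Python model of a stub resolver's UDP-then-TCP behaviour checked against a stateless firewall policy. The 12-byte DNS header layout, the QR and TC flag bits, and the "TC set means retry over TCP" rule are from RFC 1035; the sample responses and the two rule sets are constructed here for illustration. The ipfw rule quoted in the comment is the shape such a rule takes in an rc.firewall "simple" section, written from memory of ipfw(8), not copied from the thread.

```python
"""Why a UDP-only firewall rule for DNS 'mostly works'.

Added example; not from the original mailing-list thread.  A resolver sends
its query over UDP.  When the answer does not fit in the UDP reply, the server
sets the TC (truncated) bit in the header and the resolver repeats the same
query over TCP port 53.  If the firewall passes udp/53 but not tcp/53, that
retry is what silently dies.  A rule of the shape

    ${fwcmd} add pass tcp from any to ${oip} 53 setup

(illustrative ipfw(8) syntax, plus the matching established/return rules)
is what the UDP-only "simple" section would be missing.
"""
import struct

# DNS header flag bits, RFC 1035 section 4.1.1
FLAG_QR = 0x8000   # message is a response
FLAG_TC = 0x0200   # response was truncated, retry over TCP

DNS_PORT = 53


def build_header(txid, flags, qdcount=1, ancount=0):
    """Pack a 12-byte DNS header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT."""
    return struct.pack("!HHHHHH", txid, flags, qdcount, ancount, 0, 0)


def parse_flags(msg):
    """Return (is_response, truncated) from the header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    _txid, flags = struct.unpack("!HH", msg[:4])
    return bool(flags & FLAG_QR), bool(flags & FLAG_TC)


def firewall_allows(rules, proto, dport):
    """Toy stateless policy: rules is a set of (proto, dport) pairs that pass."""
    return (proto, dport) in rules


def resolve(udp_response, rules):
    """Simulate a stub resolver's transport decision for one query.

    Returns the transport that carries the usable answer ('udp' or 'tcp'),
    or 'FAIL' when the firewall drops the transport the resolver must use next.
    """
    if not firewall_allows(rules, "udp", DNS_PORT):
        return "FAIL"                      # the UDP query itself never leaves
    is_resp, truncated = parse_flags(udp_response)
    if not is_resp:
        raise ValueError("expected a response, got a query")
    if not truncated:
        return "udp"                       # the common case: everything fits
    # RFC 1035 section 4.2.1: TC set -> client retries the query over TCP
    return "tcp" if firewall_allows(rules, "tcp", DNS_PORT) else "FAIL"


# Constructed sample responses (header only; the body is irrelevant here)
SMALL_ANSWER = build_header(0x1234, FLAG_QR, ancount=1)
TRUNCATED_ANSWER = build_header(0x1234, FLAG_QR | FLAG_TC, ancount=0)

# Constructed firewall policies: the broken one and the corrected one
UDP_ONLY = {("udp", DNS_PORT)}
UDP_AND_TCP = {("udp", DNS_PORT), ("tcp", DNS_PORT)}

if __name__ == "__main__":
    for name, rules in (("udp-only", UDP_ONLY), ("udp+tcp", UDP_AND_TCP)):
        print(name, "small answer ->", resolve(SMALL_ANSWER, rules))
        print(name, "large answer ->", resolve(TRUNCATED_ANSWER, rules))
```

Run as-is it shows the pattern from the thread: with udp-only rules every small answer resolves and every truncated one fails, which looks like random breakage to anyone who only ever tested short lookups.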