Date: Tue, 19 Mar 2002 18:44:35 +0100 From: Francesco Casadei <fcasadei@inwind.it> To: "Clark C . Evans" <cce@clarkevans.com> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw / tinydns settings Message-ID: <20020319184435.A4231@goku.kasby> In-Reply-To: <20020318212513.A27453@doublegemini.com>; from cce@clarkevans.com on Mon, Mar 18, 2002 at 09:25:13PM -0500 References: <20020318212513.A27453@doublegemini.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--VS++wcV0S1rZb1Fb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Mar 18, 2002 at 09:25:13PM -0500, Clark C . Evans wrote:
> Hello. I'm running tinydns on a box with ipfw,
> what incantation do I need to allow dns queries
> to the box? I have...
>=20
> add pass all from any to any via lo0
> add pass udp from any to me 53 keep-state
> add pass udp from me to any 53=20
>=20
> Anyway, I read the ipfw manual but I don't=20
> quite grok what's going on; it looks like
> the queries are making their way in, but
> the response from tinydns is being blocked. =20
> As soon as I put "add pass udp from any to any"
> it works... but I did this just to make sure
> that it is a ipfw issue. =20
>=20
> Thanks!
>=20
> Clark
>=20
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>=20
> end of the original message
To allow incoming/outgoing DNS queries I have the following rules in the
firewall ruleset file:
/sbin/ipfw add check-state
/sbin/ipfw add allow udp from any to ${oip} 53 in recv ${oif} keep-state
/sbin/ipfw add allow udp from ${oip} to any 53 out xmit ${oif} keep-state
${oip} and ${oif} are respectively the IP address and the name of the output
network interface.
Francesco Casadei
--=20
You can download my public key from http://digilander.iol.it/fcasadei/
or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...)
Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B
--VS++wcV0S1rZb1Fb
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE8l3kDfsM3XxZOsXsRAnIcAKCBhK5VB0a41OuE1+BMExi9ddYSQACfQ8GV
5uBSumRtexFftx9XnYjZmFA=
=KHlI
-----END PGP SIGNATURE-----
--VS++wcV0S1rZb1Fb--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020319184435.A4231>