Date:      Mon, 27 Sep 1999 09:29:56 +0300
From:      Ruslan Ermilov <ru@ucb.crimea.ua>
To:        Joe Bo <ibjoe@home.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw, natd and DNS
Message-ID:  <19990927092956.A76443@relay.ucb.crimea.ua>
In-Reply-To: <2.2.32.19990926201520.0097ddbc@mail>; from Joe Bo on Sun, Sep 26, 1999 at 01:15:20PM -0700
References:  <2.2.32.19990926201520.0097ddbc@mail>

On Sun, Sep 26, 1999 at 01:15:20PM -0700, Joe Bo wrote:
> Hi,
> 
> I'm running v3.2 with ipfw and natd on a 2 NIC machine
> as a gateway for an RFC1918 network of Windows PCs.
> 
> I changed the firewall type to "simple", and my internal
> network could no longer get internet access.
> 
> of course in rc.firewall I have:
> $fwcmd add divert natd all from any to any via ${natd_interface}
> as the first line.
> 
> The problem was that port 53 was not getting through.
> 
> when I changed the original lines:
>     # Allow DNS queries out in the world
>     $fwcmd add pass udp from any 53 to ${oip}
>     $fwcmd add pass udp from ${oip} to any 53
> to
>     # Allow DNS queries out in the world
>     $fwcmd add pass udp from any 53 to any
>     $fwcmd add pass udp from any to any 53
> 
> then it worked. Someone told me it was because I didn't have named
> running, so I added and configured that; it is correct, I think,
> but I still have to have the more open port 53 lines in rc.firewall.
> 
> Can anyone tell me, am I doing something wrong or ???
> 
> Thanks to all who can respond,
> 
> Joe
> 
Add the following rule

$fwcmd add deny log ip from any to any

as the last rule, and see what is being blocked, then come back with more info.

-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
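
With a final "deny log" rule in place as suggested above, the dropped packets show up in syslog. The script below is an added example, not part of the original message: it tallies logged denies by protocol, destination port, direction and interface, so a blocked DNS flow stands out. The log line layout, the interface names (ed0, ed1) and the sample lines are constructed assumptions.

```shell
#!/bin/sh
# Summarize packets logged by a final "deny log" ipfw rule.
# Assumed log line layout (ipfw logging via syslog):
#   ... ipfw: <rule> Deny <PROTO> <src>[:port] <dst>[:port] <in|out> via <iface>

summarize_denied() {
    # Reads syslog lines on stdin and prints
    # "count proto dst-port direction iface", most frequent first.
    awk '
    {
        # Find the "ipfw:" tag; the fields after it are positional.
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") break
        if (i > NF || $(i+2) != "Deny") next
        proto = $(i+3); dst = $(i+5); dir = $(i+6); ifc = $(i+8)
        # Destination port follows the last colon; ICMP lines have none.
        n = split(dst, p, ":")
        port = (n > 1) ? p[n] : "-"
        count[proto " " port " " dir " " ifc]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample: ed1 is the inside interface, ed0 the outside one.
# Addresses are from RFC1918 and documentation ranges.
sample_log() {
    cat <<'EOF'
Sep 27 09:40:01 gw /kernel: ipfw: 65000 Deny UDP 192.168.1.10:1031 198.51.100.53:53 in via ed1
Sep 27 09:40:02 gw /kernel: ipfw: 65000 Deny UDP 192.168.1.11:1045 198.51.100.53:53 in via ed1
Sep 27 09:40:03 gw /kernel: ipfw: 200 Accept UDP 203.0.113.1:1050 198.51.100.53:53 out via ed0
Sep 27 09:40:06 gw /kernel: ipfw: 65000 Deny UDP 192.168.1.10:1032 198.51.100.53:53 in via ed1
Sep 27 09:41:10 gw /kernel: ipfw: 65000 Deny TCP 203.0.113.7:4021 203.0.113.1:23 in via ed0
Sep 27 09:41:12 gw /kernel: ipfw: 65000 Deny ICMP:8.0 203.0.113.7 203.0.113.1 in via ed0
EOF
}

sample_log | summarize_denied
# Output for the constructed sample:
#   3 UDP 53 in ed1
#   1 ICMP:8.0 - in ed0
#   1 TCP 23 in ed0
```

On a live gateway, feed it the real log instead of the sample, for example `summarize_denied < /var/log/messages`.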

