Date:      Thu, 4 Oct 2001 13:51:29 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw question - hostname/address spec?
Message-ID:  <20011004135129.E297@blossom.cjclark.org>
In-Reply-To: <20011004071834.A2458@acadia.ne.mediaone.net>; from leblanc%2Bfreebsd@acadia.ne.mediaone.net on Thu, Oct 04, 2001 at 07:18:35AM -0400
References:  <20011004071834.A2458@acadia.ne.mediaone.net>

On Thu, Oct 04, 2001 at 07:18:35AM -0400, Louis LeBlanc wrote:
> Hey all.  I have a question about ipfw.  I am under the impression
> that it is ok to use a dns name for src or dest, as in the following
> excerpt from my rc.firewall - IPADDR gets defined correctly, and
> NEWS_SERVER is defined as news.ne.mediaone.net:
> 
> ipfw add allow tcp from $IPADDR $UNPRIVPORTS to $NEWS_SERVER 119 \
>            via $EXT_INTERFACE out
> 
> ipfw add allow tcp from $NEWS_SERVER 119 to $IPADDR $UNPRIVPORTS \
>            via $EXT_INTERFACE in  established
> 
> but I get the following when testing the script:
> 
> ipfw: error: hostname ``news.ne.mediaone.net'' unknown
[snip]

> A similar error dump is generated for each rule using a hostname.
> 
> I have opened the dns ports by IP prior to using any hostnames.

So, if you type,

  % dig news.ne.mediaone.net

before you run the script, it works? Even if it does, there would not
happen to be an 'ipfw -f flush' rule at the top of your script? Are
the DNS ports opened up in the script before these rules with
hostnames? Look up the names in the script right before the rules to
see if they work,

  host $NEWS_SERVER
  ipfw add allow tcp from $IPADDR $UNPRIVPORTS to $NEWS_SERVER 119 \
           via $EXT_INTERFACE out
  ipfw add allow tcp from $NEWS_SERVER 119 to $IPADDR $UNPRIVPORTS \
           via $EXT_INTERFACE in  established

-- 
Crist J. Clark                           cjclark@alum.mit.edu
                                         cjclark@jhu.edu
                                         cjc@freebsd.org
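
The lookup-before-the-rules check suggested in the reply, turned into a guard for the script: resolve the name first and add the two rules with the literal address only if the lookup succeeds. This is an added example, not part of the original message; `RESOLVER`, `IPFW` and the function names are hypothetical, and it assumes `host` prints lines of the form `NAME has address A.B.C.D`.

```shell
#!/bin/sh
# Added example, not from the original thread. RESOLVER, IPFW and the
# function names are hypothetical helpers; UNPRIVPORTS and EXT_INTERFACE
# are the variables the thread's rc.firewall already defines.

# Lookup command; override (e.g. with a stub function) to test offline.
RESOLVER=${RESOLVER:-host}
# Set IPFW="echo ipfw" for a dry run that prints rules instead of loading them.
IPFW=${IPFW:-ipfw}

# Print the first IPv4 address found for hostname $1; return 1 if none.
resolve_ipv4() {
    _ip=$($RESOLVER "$1" 2>/dev/null |
        awk '$2 == "has" && $3 == "address" { print $4; exit }')
    case $_ip in
        ''|*[!0-9.]*) return 1 ;;   # empty, or not digits and dots
    esac
    printf '%s\n' "$_ip"
}

# Add the two NNTP rules from the thread using the resolved address.
# $1 = local address, $2 = news server hostname.
# Returns 1 and adds nothing if the name does not resolve.
add_news_rules() {
    _news_ip=$(resolve_ipv4 "$2") || {
        echo "rc.firewall: cannot resolve $2; is DNS allowed before this point?" >&2
        return 1
    }
    $IPFW add allow tcp from "$1" "$UNPRIVPORTS" to "$_news_ip" 119 \
        via "$EXT_INTERFACE" out &&
    $IPFW add allow tcp from "$_news_ip" 119 to "$1" "$UNPRIVPORTS" \
        via "$EXT_INTERFACE" in established
}

# Usage inside the script, after the DNS rules have been added:
#   add_news_rules "$IPADDR" "$NEWS_SERVER" || exit 1
```

If the name has several A records, only the first one returned is used.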
