From: Kövesdán Gábor <gabor.kovesdan@freemail.hu>
To: freebsd-questions@freebsd.org
Date: Sun, 16 Jan 2005 16:35:33 +0100
Subject: IPF firewalling

Hi,

I have some trouble with the ipf configuration.
I made the following ruleset:

  pass in quick on rl0 proto udp from any to any port = 68 keep state
  pass in quick proto udp from any to any port = 53 keep state keep frags
  pass in quick on rl0 proto tcp/udp from any to any port = 42 keep state keep frags
  pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state
  pass in quick on rl0 proto tcp from any to any port = 25 keep state
  pass in quick on rl0 proto tcp from any to any port = 21 keep state
  pass in quick on rl0 proto tcp from any to any port = 20 keep state
  pass in quick on rl0 proto tcp from any to any port = 80 keep state
  block return-rst in log quick on rl0 proto tcp from any to any
  block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
  block in quick on rl0 all
  pass in quick on lo0 all
  pass out quick on lo0 all

Everything seems okay, except named. Neither the ISP's nameserver (set by DHCP) nor the local nameserver works. BIND 9 wrote this to /var/log/messages:

  Jan 16 13:59:35 server named[1028]: starting BIND 9.3.0 -u named -t /usr/local/named -c /etc/named.conf
  Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: address in use
  Jan 16 13:59:35 server named[1028]: creating IPv4 interface re0 failed; interface ignored
  Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: address in use
  Jan 16 13:59:35 server named[1028]: creating IPv4 interface lo0 failed; interface ignored
  Jan 16 13:59:35 server named[1028]: not listening on any interfaces
  Jan 16 13:59:35 server named[1028]: /etc/named.conf:14: couldn't add command channel 127.0.0.1#953: address in use
  Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: permission denied
  Jan 16 13:59:35 server named[1028]: creating IPv4 interface re0 failed; interface ignored
  Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: permission denied
  Jan 16 13:59:35 server named[1028]: creating IPv4 interface lo0 failed; interface ignored

The rndc doesn't matter, I'm not going to use it, but named can listen on neither the network nor the loopback interface. Could you suggest any solution for this trouble? Btw, this machine is going to be a web, dns, mail, etc. server and is being tested on an ordinary cable connection, that's why I'm using dhcp.

Best regards,
Gábor Kövesdán
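As an added example (not part of the original post, nor IPFilter's or BIND's own code), the following Python script parses the posted ruleset into its fields, lists the inbound pass rules that carry no "on <interface>" qualifier (and so match on every interface), and maps named's "could not listen" lines to the socket-layer errno behind them, which a packet filter cannot produce. The rule and log text embedded below is a constructed copy of a subset of what is quoted above.

```python
import re

# Subset of the IPF ruleset quoted in the message above (constructed copy of the posted text).
RULES = """\
pass in quick on rl0 proto udp from any to any port = 68 keep state
pass in quick proto udp from any to any port = 53 keep state keep frags
pass in quick on rl0 proto tcp/udp from any to any port = 42 keep state keep frags
block return-rst in log quick on rl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any to any
block in quick on rl0 all
pass in quick on lo0 all
"""
# The two distinct named startup errors quoted in the message (constructed copy).
NAMED_LOG = """\
Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: address in use
Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: permission denied
"""
# ipf grammar as used above: action [return-x] dir [log] [quick] [on iface] [proto p] (from .. to .. | all) [port = n] opts
RULE_RE = re.compile(
    r"^(?P<action>pass|block)(?:\s+(?P<ret>return-\S+))?\s+(?P<dir>in|out)"
    r"(?P<log>\s+log)?(?P<quick>\s+quick)?(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?\s+(?:from\s+\S+\s+to\s+\S+|all)"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?(?P<opts>.*)$")

def parse_rules(text):
    """Parse ipf rule lines into dicts; reject anything the grammar above does not cover."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError("unparsed rule: " + line)
        r = m.groupdict()
        r["log"], r["quick"] = bool(r["log"]), bool(r["quick"])
        r["port"] = int(r["port"]) if r["port"] else None
        rules.append(r)
    return rules

def unbound_pass_rules(rules):
    """Ports opened by inbound pass rules with no 'on <iface>': they match on every interface."""
    return [r["port"] for r in rules if r["action"] == "pass" and r["dir"] == "in" and not r["iface"]]

# bind()/listen() failures come from the socket layer; a packet filter drops packets, it cannot produce them.
BIND_ERRORS = {"address in use": "EADDRINUSE: another socket is already bound to the port",
               "permission denied": "EACCES: the process lacks privilege to bind the port"}

def classify_named_log(text):
    """Map each 'could not listen' line in the named log to its errno class."""
    hits = re.findall(r"could not listen on \w+ socket: (.+)$", text, re.M)
    return {h: BIND_ERRORS.get(h, "unknown") for h in hits}
```

Running it against the posted text reports the port 53 rule as the only one not bound to an interface, and shows both named failures as bind errors rather than filtered packets.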