From owner-freebsd-ipfw Mon Jun 19 6: 3:35 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from core.pavilion.net (core.pavilion.net [212.74.0.24]) by hub.freebsd.org (Postfix) with ESMTP id 26E5B37B761 for ; Mon, 19 Jun 2000 06:03:29 -0700 (PDT) (envelope-from matt@pavilion.net)
Received: (from matt@localhost) by core.pavilion.net (8.9.3/8.8.8) id OAA96108; Mon, 19 Jun 2000 14:03:48 +0100 (BST) (envelope-from matt)
Date: Mon, 19 Jun 2000 14:03:48 +0100
From: Matt Spiers
To: Andy Dills
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Hijacking DNS with ipfw
Message-ID: <20000619140348.M79276@pavilion.net>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from andy@xecu.net on Fri, Jun 09, 2000 at 07:01:00PM -0400
X-NCC-RegID: uk.pavilion
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> I'm in a situation where I have customers with various DNS servers
> configured. These customers are all behind a FreeBSD (4.0-R) box. The
> FreeBSD box is running named (among other things).
>
> I had thought that this rule would cut it:
>
> ipfw add 10 fwd 127.0.0.1,53 udp from any to any 53 recv xl1
>
> But that just doesn't work. I'm assuming it's because maybe named gets
> confused because fwd rules preserve the dest IP (as fwd rules are intended
> to be used in transparent caching).
>

Don't know if this is the answer and if it's been mentioned:

Are you using higher than BIND 4? BIND 4 always sends queries from port 53,
but BIND 8 name servers don't send queries from port 53 by default. To force
it you can add:

    options { query-source * port 53; };

From the O'Reilly DNS & BIND book, 3rd ed., p. 381

Good luck,

Matt.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message