From owner-freebsd-questions  Tue Oct 29 10:57:12 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 198CD37B401
	for <questions@FreeBSD.ORG>; Tue, 29 Oct 2002 10:57:10 -0800 (PST)
Received: from server.simon1.net (user23.net263.oh.sprint-hsd.net [208.17.71.23])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DCE7243E75
	for <questions@FreeBSD.ORG>; Tue, 29 Oct 2002 10:57:09 -0800 (PST)
	(envelope-from simon1@server.simon1.net)
Received: from server.simon1.net (localhost [127.0.0.1])
	by server.simon1.net (8.12.5/8.12.5) with ESMTP id g9TIv9Ha004664;
	Tue, 29 Oct 2002 13:57:09 -0500 (EST)
Received: from localhost (simon1@localhost)
	by server.simon1.net (8.12.5/8.12.5/Submit) with ESMTP id g9TIv8pO004661;
	Tue, 29 Oct 2002 13:57:09 -0500 (EST)
Date: Tue, 29 Oct 2002 13:57:08 -0500 (EST)
From: Simon1 <simon1@server.simon1.net>
To: C KH <dubbified@hotmail.com>
Cc: <questions@FreeBSD.ORG>
Subject: Re: Can't connect to DNS servers -- Firewall prob?
In-Reply-To: <F63LxpTbag35fiKe5A70000739a@hotmail.com>
Message-ID: <20021029135445.M4255-100000@server.simon1.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Make sure your box has permission to connect /to/ these systems. The rules
below allow the DNS servers to send things *to* your box, but don't allow
your box to send things TO those servers. You need to give
your box the ability to send the request /out/ to them in the first place.

The hostname hangup is due to it trying to resolve the domain. Once you
get the DNS resolving that problem will disappear.


> I have explicitly added these rules to my /etc/rc.firewall:
>
>         $fwcmd add allow udp from 66.135.144.2 53 to $oip
>         $fwcmd add allow udp from 66.135.128.68 53 to $oip
>         $fwcmd add allow tcp from 66.135.144.2 53 to $oip
>         $fwcmd add allow tcp from 66.135.128.68 53 to $oip
>
> (where $oip is my external IP address).
>
> Another possibly related thing is that on bootup, my server hangs
> indefinitely as the initializing "hostname" part.  I need to hard break it
> with CTRL+C to continue bootup.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message