From owner-freebsd-questions Wed Jan 6 04:17:42 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA08999 for freebsd-questions-outgoing; Wed, 6 Jan 1999 04:17:42 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from yusufg.portal2.com (yusufg.portal2.com [203.85.226.249]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id EAA08994 for ; Wed, 6 Jan 1999 04:17:37 -0800 (PST) (envelope-from yusufg@huge.net) Received: (qmail 23172 invoked by uid 500); 6 Jan 1999 12:17:51 -0000 Date: 6 Jan 1999 12:17:51 -0000 Message-ID: <19990106121751.23171.qmail@yusufg.portal2.com> From: "Yusuf Goolamabbas" To: freebsd-questions@FreeBSD.ORG Subject: How to allow incoming DNS via 'client' prof in rc.firewall Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, I am a relatvie newbie to FreeBSD. I installed FreeBSD 3.0 on a machine which acts as our nameserver. I compiled IPFIREWALL into the kernel and setup in rc.conf, firewall type as client Machines on our internal network can resolve external hosts via DNS server. Now, I wanted to see if machines external to our network can query our DNS server. I logged in to one such machine and gave the command dig @my.nameserver internal.machine.name After a long while, the command failed I edited firewall type to be "open" and rebooted the server Now above command works, I read further in rc.firewall and came across "simple" profile I copied the following line to just after allow setup of incoming mail in "client" profile /sbin/ipfw add pass tcp from any to ${ip} 53 setup Rebooted. Same query from external host. Again failure I can only get the query answered by keeping firewall type as open Can anybody tell me how I can allow access to my DNS from outside whilst having all the features of the "client" profile in rc.firewall Thanks, Yusuf -- Yusuf Goolamabbas yusufg@huge.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message