Date: Wed, 6 Jan 1999 04:34:39 -0800 (PST)
From: Mike Meyer
To: Yusuf Goolamabbas
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How to allow incoming DNS via 'client' prof in rc.firewall
In-Reply-To: <19990106121751.23171.qmail@yusufg.portal2.com>

On 6 Jan 1999, Yusuf Goolamabbas wrote:

> I read further in rc.firewall and came across "simple" profile
>
> I copied the following line to just after allow setup of incoming mail
> in "client" profile
> /sbin/ipfw add pass tcp from any to ${ip} 53 setup
>
> Rebooted. Same query from external host. Again failure
>
> I can only get the query answered by keeping firewall type as open
>
> Can anybody tell me how I can allow access to my DNS from outside
> whilst having all the features of the "client" profile in rc.firewall

You need to allow both incoming and outgoing packets, and for udp, not
tcp. Try:

    /sbin/ipfw add pass udp from any to ${ip} 53
    /sbin/ipfw add pass udp from ${ip} to any 53
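
An added example, not part of the original message or of rc.firewall: a simplified Python model of stateless first-match filtering, showing why a TCP `setup` rule never passes a UDP DNS query and why the reply direction needs its own rule. The addresses are constructed, and the reply rule matching on source port 53 is an assumption of this model.

```python
# Simplified model of stateless packet filtering (not ipfw itself).
# It parses a small subset of the rule syntax quoted in the thread:
#   pass PROTO from ADDR [PORT] to ADDR [PORT] [setup]
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport syn")
IP = "192.0.2.10"        # constructed address standing in for ${ip}
CLIENT = "198.51.100.7"  # constructed external host sending the query

def parse(rule):
    t = rule.replace("${ip}", IP).split()
    if t[0] != "pass" or t[2] != "from" or "to" not in t:
        raise ValueError("unsupported rule: " + rule)
    to = t.index("to")
    src, dst = t[3:to], t[to + 1:]
    setup = dst[-1] == "setup"   # 'setup' only matches a TCP SYN
    if setup:
        dst = dst[:-1]
    return {"proto": t[1], "setup": setup,
            "src": src[0], "sport": int(src[1]) if len(src) > 1 else None,
            "dst": dst[0], "dport": int(dst[1]) if len(dst) > 1 else None}

def matches(r, p):
    return (r["proto"] == p.proto
            and r["src"] in ("any", p.src) and r["sport"] in (None, p.sport)
            and r["dst"] in ("any", p.dst) and r["dport"] in (None, p.dport)
            and (not r["setup"] or p.syn))

def passes(rules, pkt):
    """A packet passes if any rule matches; unmatched packets are denied."""
    return any(matches(parse(r), pkt) for r in rules)

# Constructed packets: one UDP DNS query and the server's answer to it.
query = Packet("udp", CLIENT, 40000, IP, 53, False)
reply = Packet("udp", IP, 53, CLIENT, 40000, False)

tcp_only = ["pass tcp from any to ${ip} 53 setup"]   # rule from the question
inbound_only = ["pass udp from any to ${ip} 53"]
both_ways = ["pass udp from any to ${ip} 53",
             "pass udp from ${ip} 53 to any"]  # assumption: reply matched by source port

def exchange_ok(rules):
    """True only if the query gets in and the answer gets back out."""
    return passes(rules, query) and passes(rules, reply)

if __name__ == "__main__":
    for name, rules in [("tcp_only", tcp_only), ("inbound_only", inbound_only),
                        ("both_ways", both_ways)]:
        print(name, "query:", passes(rules, query), "reply:", passes(rules, reply))
```

UDP has no connection state for a stateless filter to follow, so there is no equivalent of a TCP "established" rule to carry the answer back; each direction has to be permitted explicitly.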