Date: Wed, 6 Jan 1999 09:43:53 -0800 (PST)
From: Mike Meyer <mwm@phone.net>
To: Yusuf Goolamabbas <yusufg@huge.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How to allow incoming DNS via 'client' prof in rc.firewall
Message-ID: <Pine.BSF.4.05.9901060942080.25797-100000@guru.phone.net>
In-Reply-To: <19990106205928.A23282@huge.net>

Hmm - I missed one. Seems that DNS runs on both UDP and TCP. Try adding
those two as well:

	/sbin/ipfw add pass tcp from any to ${ip} 53
	/sbin/ipfw add pass tcp from ${ip} to any 53

Note that you need to allow both "setup" and "established" (you were
working with those before), so you might as well allow both. If you've
already got

	/sbin/ipfw add pass tcp from any to any established

you can add "setup" to the above two lines for slightly tighter
control.

	<mike

On Wed, 6 Jan 1999, Yusuf Goolamabbas wrote:

> Date: Wed, 6 Jan 1999 20:59:28 +0800
> From: Yusuf Goolamabbas <yusufg@huge.net>
> To: Mike Meyer <mwm@phone.net>
> Cc: freebsd-questions@FreeBSD.ORG
> Subject: Re: How to allow incoming DNS via 'client' prof in rc.firewall
>
> > You need to allow both incoming and outgoing packets, and for udp, not
> > tcp. Try:
> >
> > /sbin/ipfw add pass udp from any to ${ip} 53
> > /sbin/ipfw add pass udp from ${ip} to any 53
>
> Hi Mike, I added the first rule (second rule is there as part of
> "client"). However, I get no response when queried from external network
>
> Anything, I could be doing wrong still ?
>
> >
> > 	<mike
> >
>
> --
> Yusuf Goolamabbas
> yusufg@huge.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
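
Added example, not part of the original message: a minimal first-match model of the TCP rules discussed above, showing how "setup" and "established" split a TCP handshake to port 53 and what adding "setup" tightens. The addresses and client port are constructed, SERVER stands in for ${ip}, and a default-deny final rule is assumed.

```python
# Constructed sample addresses; SERVER plays the role of ${ip} in the thread.
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"

def rule(src="any", dst="any", dport=None, opt=None):
    """One 'pass tcp from SRC to DST [DPORT] [setup|established]' rule."""
    return dict(src=src, dst=dst, dport=dport, opt=opt)

def pkt(src, sport, dst, dport, *flags):
    return dict(src=src, sport=sport, dst=dst, dport=dport, flags=set(flags))

def flags_ok(opt, flags):
    if opt == "setup":            # ipfw: SYN set, ACK clear
        return "SYN" in flags and "ACK" not in flags
    if opt == "established":      # ipfw: ACK or RST set
        return bool({"ACK", "RST"} & flags)
    return True                   # no option: any flag combination matches

def matches(r, p):
    return (r["src"] in ("any", p["src"])
            and r["dst"] in ("any", p["dst"])
            and r["dport"] in (None, p["dport"])
            and flags_ok(r["opt"], p["flags"]))

def verdict(rules, p):
    # Every rule here is a 'pass'; anything unmatched hits the assumed default deny.
    return "pass" if any(matches(r, p) for r in rules) else "deny"

# The two tcp lines from the message, without and with "setup".
PLAIN = [rule(dst=SERVER, dport=53), rule(src=SERVER, dport=53)]
SETUP = [rule(dst=SERVER, dport=53, opt="setup"),
         rule(src=SERVER, dport=53, opt="setup")]
ESTABLISHED = [rule(opt="established")]  # pass tcp from any to any established

# Constructed three-way handshake for an inbound DNS-over-TCP connection.
HANDSHAKE = [
    pkt(CLIENT, 40000, SERVER, 53, "SYN"),         # client opens
    pkt(SERVER, 53, CLIENT, 40000, "SYN", "ACK"),  # server answers
    pkt(CLIENT, 40000, SERVER, 53, "ACK"),         # client completes
]
# Constructed stray segment: FIN without ACK, belonging to no connection.
STRAY = pkt(CLIENT, 40000, SERVER, 53, "FIN")

def trace(rules):
    return [verdict(rules, p) for p in HANDSHAKE]

if __name__ == "__main__":
    print("setup only         :", trace(SETUP))
    print("setup + established:", trace(SETUP + ESTABLISHED))
    print("stray FIN, plain   :", verdict(PLAIN + ESTABLISHED, STRAY))
    print("stray FIN, setup   :", verdict(SETUP + ESTABLISHED, STRAY))
```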