Date: Wed, 10 Oct 2001 07:08:54 -0400
From: Louis LeBlanc
To: freebsd-questions@FreeBSD.org
Subject: Re: ipfw question - hostname/address spec?
Message-ID: <20011010070853.A592@acadia.ne.mediaone.net>
In-Reply-To: <20011010001011.F387@blossom.cjclark.org>
References: <20011004071834.A2458@acadia.ne.mediaone.net> <20011004135129.E297@blossom.cjclark.org> <20011009005629.D589@acadia.ne.mediaone.net> <20011009035651.N350@blossom.cjclark.org> <20011009145144.C64668@acadia.ne.mediaone.net> <20011010001011.F387@blossom.cjclark.org>

On 10/10/01 12:10 AM, Crist J. Clark sat at the `puter and typed:
> On Tue, Oct 09, 2001 at 02:51:45PM -0400, Louis LeBlanc wrote:
> > On 10/09/01 03:56 AM, Crist J. Clark sat at the `puter and typed:
> > > [snip]
> > >
> > > /etc/rc.firewall would be good.
> >
> > Ok, you asked for it . . .
>
> [snip]
>
> > > If DNS works fine once the system is up, but doesn't work when running
> > > the rc.firewall script, it sure sounds like you are killing your own
> > > lookups due to the rule ordering.
> >
> > It doesn't work at all. Not even via direct IP.
>
> Hmmm?
>
> > Thanks for your help. I'm sure to learn something useful in all this.
> > Which is the point, I guess.
>
> [snip]
>
> I can't reproduce the problem and it does look like DNS lookups should
> be working by the time the SMTP and NNTP rules are reached. I'm not
> sure what is happening here. You could try adding some logging to see
> what is going on in the ruleset. It also may be some other strange DNS
> interaction.

I found the DNS culprit. Looks like I need to try that firewall again.
Turns out I had borrowed a bogus dhclient-enter-hooks script that was
hosing resolv.conf. DNS seems to be solved for now. Thanks!

I'll try that firewall again and let you know if it still hoses things.

BTW, in Linux, it was fairly trivial to release a DHCP lease, renew it,
reset the firewall and get masquerading back up (automatic the way Linux
did masquerading thru the firewall) - all without a reboot. Is there a
relatively painless way to do this in FreeBSD?

Thanks for your help!
Lou
--
Louis LeBlanc leblanc@acadia.ne.mediaone.net
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net

Turnaucka's Law: The attention span of a computer is only as long as its
electrical cord.