From owner-freebsd-questions Wed Mar 20 7:50:45 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from oxe.cs.umu.se (oxe.cs.umu.se [130.239.40.14]) by hub.freebsd.org (Postfix) with ESMTP id 4C35F37B417 for ; Wed, 20 Mar 2002 07:50:41 -0800 (PST)
Received: from bark (rfc1413 says tdv94ped@bark.cs.umu.se [130.239.40.185]) by oxe.cs.umu.se (8.8.8/8.8.8) with ESMTP id QAA01838; Wed, 20 Mar 2002 16:49:51 +0100 (MET)
Date: Wed, 20 Mar 2002 16:49:51 +0100 (MET)
From: Paul Everlund
To: Flemming Frøkjkær
Cc:
Subject: Re: ipfw rules
In-Reply-To: <3C992774.D763B085@froekjaer.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Wed, 20 Mar 2002, Flemming Frøkjkær wrote:

> I'm trying to build a firewall based on the simple firewall in the
> rc.firewall script.
> After enabling the firewall I can't look up any addresses. If I use
> nslookup it just times out :(
> I can add a rule like this: ipfw add 9999 pass all from any to any
> Then everything works, but the firewall does not do me any good :(
> What rules should I add to make DNS work?

You must let DNS queries (UDP) out to port 53, and also let them back in from port 53. DNS over TCP out to port 53 should also be allowed (I think). Something like this:

    ipfw add allow udp from any to DNS-IP 53 out via INTERFACE
    ipfw add allow udp from DNS-IP 53 to any in via INTERFACE
    ipfw add allow tcp from any to DNS-IP 53 out via INTERFACE

Good luck!

Best regards,
Paul

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
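The rules in the reply above admit any inbound UDP packet from the resolver's port 53, whether or not this host asked for it. As an added example (not code from the original thread or from the FreeBSD rc.firewall script), the shell function below generates the equivalent ipfw rules in stateful form, using ipfw's check-state/keep-state so that only replies matching a query this host actually sent are let back in. The resolver address, interface name and rule numbers are placeholders the caller supplies; the function only prints the rules, so they can be reviewed before being piped to sh.

```shell
# Added example, not from the original mailing-list post.
# Print ipfw rules that allow DNS (UDP and TCP) to one resolver, stateful.
#   dns_rules DNS_IP IFACE [BASE_RULE_NUMBER]
#   dns_rules 192.0.2.53 fxp0 1000 | sh     # apply after reviewing
# 192.0.2.53 and fxp0 are constructed placeholder values.
dns_rules() {
    dns_ip="$1"
    iface="$2"
    base="${3:-1000}"
    if [ -z "$dns_ip" ] || [ -z "$iface" ]; then
        echo "usage: dns_rules DNS_IP IFACE [BASE_RULE_NUMBER]" >&2
        return 1
    fi
    # check-state first: packets matching an existing dynamic rule (the
    # reply to a query we sent) are accepted here, so no separate
    # "allow udp from DNS_IP 53 to any in" rule is needed.
    printf 'ipfw add %d check-state\n' "$base"
    # Outbound UDP query; keep-state creates the dynamic rule for the reply.
    printf 'ipfw add %d allow udp from any to %s 53 out via %s keep-state\n' \
        "$((base + 1))" "$dns_ip" "$iface"
    # Outbound TCP for large answers or zone transfers; "setup" limits the
    # static rule to connection attempts, keep-state covers the rest.
    printf 'ipfw add %d allow tcp from any to %s 53 out via %s setup keep-state\n' \
        "$((base + 2))" "$dns_ip" "$iface"
}
```

Because the dynamic rule is keyed on the full address and port pair of the query, a stray packet from the resolver's port 53 to some other local port is still dropped by whatever deny rule follows, which is the property the static "in via" rule lacks.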