From: Mark Lastdrager
To: Peter Brezny
Delivered-To: freebsd-net@freebsd.org
Date: Fri, 26 Jan 2001 08:08:11 +0100 (MET)
Subject: Re: ipfw not allowing udp?

At Thu, 25 Jan 2001, owner-freebsd-net@FreeBSD.ORG wrote:

>I have a line in my firewall config like this:
>
>ipfw add allow udp from any 53 to my.ns.ip.here 53
>
>and was disappointed to find that when I configured a secondary name server
>to use the primary behind the firewall, it was unable to make the zone
>transfers...
>
>have I missed something big and zone transfers require more than just port
>53?

I think I don't have to repeat that zone transfers use 53/tcp ;-)

What could be helpful here is to insert a rule before the default deny rule:

ipfw add deny log ip from any to any

This way all denies are being logged so you can see what's wrong.

Mark Lastdrager

--
Pine Internet BV :: tel. +31-70-3111010 :: fax. +31-70-3111011
PGP 92BB81D1 fingerprint 0059 7D7B C02B 38D2 A853 2785 8C87 3AF1
Today's excuse: The rolling stones concert down the road caused a brown out
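
An added example, not part of the original message: a short Python script that summarizes the syslog lines written by a "deny log" rule like the one suggested above, so a blocked zone transfer shows up as denied TCP traffic to port 53. The log lines, the addresses, the rule number and the line format matched by the regex are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log (assumed format of ipfw "deny log" entries in syslog).
SAMPLE_LOG = """\
Jan 26 08:01:12 fw /kernel: ipfw: 65000 Deny TCP 192.0.2.20:1042 192.0.2.10:53 in via fxp0
Jan 26 08:01:15 fw /kernel: ipfw: 65000 Deny TCP 192.0.2.20:1042 192.0.2.10:53 in via fxp0
Jan 26 08:01:21 fw /kernel: ipfw: 65000 Deny TCP 192.0.2.20:1043 192.0.2.10:53 in via fxp0
Jan 26 08:02:40 fw /kernel: ipfw: 65000 Deny UDP 198.51.100.7:137 192.0.2.10:137 in via fxp0
Jan 26 08:03:02 fw sshd[311]: Accepted password for admin from 192.0.2.20 port 1050
"""

# Matches only entries that carry ports (TCP/UDP); other lines are skipped.
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) Deny (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


def summarize_denies(log_text):
    """Count denied flows by (proto, src, dst, dport), ignoring the source port."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            counts[(m["proto"], m["src"], m["dst"], int(m["dport"]))] += 1
    return counts


def denied_dns_over_tcp(counts, ns_ip):
    """Return the sources whose TCP/53 traffic to the name server was denied."""
    return sorted({src for (proto, src, dst, dport) in counts
                   if proto == "TCP" and dst == ns_ip and dport == 53})


if __name__ == "__main__":
    counts = summarize_denies(SAMPLE_LOG)
    for (proto, src, dst, dport), n in counts.most_common():
        print(f"{n:3d}  {proto:4s} {src} -> {dst}:{dport}")
    print("TCP/53 denied from:", denied_dns_over_tcp(counts, "192.0.2.10"))
```
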