From: Chuck Swiger
Organization: The Courts of Chaos
Date: Sun, 14 Nov 2004 09:30:59 -0500
To: Emil Khatib
cc: freebsd-questions@freebsd.org
Subject: Re: host name lookup failure under 4.9
Message-ID: <41976C23.2080602@mac.com>

Emil Khatib wrote:
[ ... ]
> The firewall rules are:
>
> pass udp from me to any 53 keep-state
> pass tcp from me to any 20 keep-state
> pass tcp from me to any 21 keep-state
> pass tcp from me to any 80 keep-state
>
> So I want to allow DNS, FTP and HTTP.

Your rules aren't enough to work right; at the very least, you need a check-state rule to permit return traffic to the connections you approve of via the keep-state keyword. I suggest you examine /etc/rc.firewall carefully and look at the example rulesets there.

Also, while you can use IPFW and natd in conjunction with PPP via the tun0 interface, doing so is more complicated than need be since PPP already has firewall and NAT'ing capabilities built-in. Using them directly via your ppp.conf might be easier.

-- 
-Chuck
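
Added example (not part of the original message, and not FreeBSD's own code): a small POSIX shell lint that flags keep-state rules with no check-state rule ahead of them, which is the gap the reply points out. The function names and both rule lists are constructed here; the first list copies the four rules quoted in the message.

```shell
#!/bin/sh
# lint_ipfw_rules: read ipfw rules on stdin, one per line, and print one
# finding for every keep-state rule that has no check-state rule before it.
lint_ipfw_rules() {
    awk '
        { sub(/#.*/, "") }            # strip trailing comments
        NF == 0 { next }              # skip blank lines
        {
            rule++
            has_check = 0; has_keep = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "check-state") has_check = 1
                if ($i == "keep-state")  has_keep = 1
            }
            if (has_check) seen_check = 1
            if (has_keep && !seen_check)
                printf "rule %d: keep-state before any check-state: %s\n", rule, $0
        }
    '
}

# Constructed sample: the four rules as quoted in the message.
quoted_rules() {
    cat <<'EOF'
pass udp from me to any 53 keep-state
pass tcp from me to any 20 keep-state
pass tcp from me to any 21 keep-state
pass tcp from me to any 80 keep-state
EOF
}

# Constructed sample: the same rules with check-state placed first.
fixed_rules() {
    echo "check-state"
    quoted_rules
}

# Number of findings for the rule list on stdin.
count_findings() { lint_ipfw_rules | wc -l | tr -d ' '; }

echo "as quoted:"
quoted_rules | lint_ipfw_rules
echo "with check-state first: $(fixed_rules | count_findings) finding(s)"
```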