From owner-freebsd-questions  Sat Sep 30 13:16:37 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from baked.beancrock.net (baked.beancrock.net [64.32.160.231])
	by hub.freebsd.org (Postfix) with ESMTP id E586E37B503
	for <freebsd-questions@freebsd.org>; Sat, 30 Sep 2000 13:16:34 -0700 (PDT)
Received: from baked.beancrock.net (mgtak@baked.beancrock.net [64.32.160.231])
	by baked.beancrock.net (8.9.3/8.9.3) with ESMTP id QAA09710
	for <freebsd-questions@freebsd.org>; Sat, 30 Sep 2000 16:16:32 -0400 (EDT)
	(envelope-from mgtak@beancrock.net)
Date: Sat, 30 Sep 2000 16:16:32 -0400 (EDT)
From: MG_Tak <mgtak@beancrock.net>
To: freebsd-questions@freebsd.org
Subject: DNS behind a ipfw firewall
Message-ID: <Pine.BSF.4.21.0009301610030.13966-100000@baked.beancrock.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


	Greetings,

	From what I read on www.freebsd.org, this question doesn't
belong on the ipfw mailing list, so I'm sending it here.

	I'm running a FreeBSD 4.1 machine with ipfw. It works fine for
every TCP connection and every outgoing UDP connection, but for some reason I can't get
it to work for incoming DNS connections. I do need that because my
machine is the name server for my domain.

	I have:

        ${fwcmd} add pass udp from any 53 to ${ip}
        ${fwcmd} add pass udp from ${ip} to any 53

	in my /etc/rc.firewall, and this effectively allows me to send
out DNS requests to the internet, and get responses for them, but it
doesn't allow the rest of the internet to spontaneously query my name
server.

	I think my problem comes from not understanding how DNS
transactions work.

	I have searched many web sites for answers, but have yet to find
any that were helpful enough.

	Thanks for your time, and help,

----------------------------------

MG_Tak
beancrock.net system administrator
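Added example, not part of the original post: the two rules quoted above match port 53 only as the remote port, which covers queries this host sends out and their answers. A query arriving from the Internet has destination port 53 and an arbitrary ephemeral source port, so neither rule matches it and the default deny drops it. The script below emits a rule set in the same ${fwcmd}/${ip} style as /etc/rc.firewall that covers both directions, plus DNS over TCP for truncated answers and zone transfers; the address 192.0.2.53 is a placeholder and fwcmd defaults to echo so the rules are printed rather than loaded.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw rules for a host that is
# both a resolver and an authoritative name server, written in the
# ${fwcmd}/${ip} style of /etc/rc.firewall. With fwcmd=echo (the default
# here) the rules are printed instead of loaded, which is a handy dry run.

fwcmd="${fwcmd:-echo}"   # set fwcmd=/sbin/ipfw on the real firewall
ip="${ip:-192.0.2.53}"   # placeholder server address (TEST-NET-1), not real

# Emit the rules. Outbound resolver traffic is matched on the *remote*
# port 53; inbound authoritative queries are matched on the *local* port 53,
# which is the direction the original two rules did not cover.
dns_rules() {
    # 1. Recursive queries this host sends out, and their answers.
    ${fwcmd} add pass udp from ${ip} to any 53
    ${fwcmd} add pass udp from any 53 to ${ip}

    # 2. Queries the rest of the Internet sends to this name server, and
    #    the answers it returns. The client's source port is arbitrary, so
    #    only the destination port is pinned.
    ${fwcmd} add pass udp from any to ${ip} 53
    ${fwcmd} add pass udp from ${ip} 53 to any

    # 3. DNS over TCP: truncated responses and zone transfers (AXFR).
    #    "setup" admits only the SYN that opens a connection toward port 53;
    #    "established" lets packets of already-open TCP flows through.
    ${fwcmd} add pass tcp from any to ${ip} 53 setup
    ${fwcmd} add pass tcp from ${ip} to any 53 setup
    ${fwcmd} add pass tcp from any to any established
}

# Number of rules that admit traffic *to* local port 53 (UDP query plus
# TCP setup), i.e. the rules the original set lacked. Used as a self-check.
inbound_rule_count() {
    dns_rules | grep -c "to ${ip} 53"
}

# Number of rules matching answers to this host's own outbound queries.
outbound_answer_rule_count() {
    dns_rules | grep -c "from any 53 to ${ip}"
}

dns_rules
```

Rule 1b (`from any 53 to ${ip}` with no destination port) is the permissive one: any UDP datagram that merely carries source port 53 reaches every UDP port on the host. If the ipfw in use supports `keep-state`, adding it to the outbound query rule and matching answers with `check-state` lets that blanket rule be dropped; otherwise it can be narrowed to the resolver's reply port range.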



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message