Date: Sat, 30 Sep 2000 16:16:32 -0400 (EDT)
From: MG_Tak
To: freebsd-questions@freebsd.org
Subject: DNS behind a ipfw firewall

Greetings,

From what I read on www.freebsd.org, this question doesn't belong on the ipfw mailing list, so I'm sending it here.

I'm running a FreeBSD 4.1 machine with ipfw. It works fine for all TCP and outgoing UDP connections, but for some reason, I can't get it to work for incoming DNS connections. I do need that because my machine is the name server for my domain. I have:

    ${fwcmd} add pass udp from any 53 to ${ip}
    ${fwcmd} add pass udp from ${ip} to any 53

in my /etc/rc.firewall, and this effectively allows me to send out DNS requests to the internet, and get responses for them, but it doesn't allow the rest of the internet to spontaneously query my name server.

I think my problem comes from not understanding how DNS transactions work. I have searched many web-sites for answers, but have yet to find any that was helpful enough.

Thanks for your time, and help,

----------------------------------
MG_Tak
beancrock.net system administrator
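
The behaviour described in the message comes down to which side of each rule carries port 53. The following is an added example, not part of the original message and not the poster's configuration: it keeps the two rules from the post and adds the mirrored ones a name server needs. The address 192.0.2.53 is a constructed stand-in for ${ip}, the function name dns_rules is hypothetical, and fwcmd defaults to a dry run that only prints each command.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumptions: 192.0.2.53 is a constructed documentation address standing in
# for ${ip}; fwcmd defaults to a dry run that prints the ipfw commands
# instead of executing them. Set fwcmd="/sbin/ipfw -q" to apply them.
fwcmd="${fwcmd:-echo /sbin/ipfw}"
ip="${ip:-192.0.2.53}"

dns_rules() {
    # Client role (the two rules quoted in the post): replies from remote
    # name servers arrive *from* port 53, and this host's own queries go
    # *to* port 53 on the remote side.
    ${fwcmd} add pass udp from any 53 to ${ip}
    ${fwcmd} add pass udp from ${ip} to any 53

    # Server role: a remote resolver sends its query from an arbitrary
    # source port *to* port 53 on this host, so the port number belongs on
    # the destination side of the inbound rule.
    ${fwcmd} add pass udp from any to ${ip} 53

    # The answer leaves from local port 53 toward whatever source port the
    # resolver used, so the port number belongs on the source side.
    ${fwcmd} add pass udp from ${ip} 53 to any

    # DNS also runs over TCP 53 (truncated answers, zone transfers).
    # "setup" matches only the opening SYN; the rest of the connection is
    # assumed to be passed by an existing "tcp ... established" rule.
    ${fwcmd} add pass tcp from any to ${ip} 53 setup
}

dns_rules
```

Run as written, the script prints five ipfw commands for review; which hosts may request zone transfers over TCP is left to the name server's own configuration.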