From: Mike Meyer
Date: Fri, 10 Nov 2000 02:43:22 -0600 (CST)
To: Zero Sum
Cc: questions@freebsd.org
Subject: Re: ipfw firewall question
Message-ID: <14859.46378.832801.322465@guru.mired.org>

Zero Sum types:
> I have the following ipfw firewall rules...
>
> 01100 allow udp from 198.142.161.98 to 203.2.75.132 53 out xmit tun0
                                           *.*
> 01200 allow udp from 198.142.161.98 to 203.2.75.108 53 out xmit tun0
> 01300 allow udp from 203.2.75.132 53 to 198.142.161.98 in recv tun0
> 01400 allow udp from 203.2.75.108 53 to 198.142.161.98 in recv tun0
>
> But my log shows....
>
> ipfw: 65435 Deny UDP 198.142.161.98:1024 202.2.75.132:53 out via tun0
                                             *.*
>
> The first of the DNS rules should allow any port from 198.142.161.98 to
> 203.3.75.132 port 53 should it not?
    *.*
>
> What am I not understanding?

Your understanding is right; your reading is wrong. Note the marked
digits carefully - you've got three different IP addresses there,
always with either 2s or 3s in the marked locations.
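
The by-eye comparison in the reply can be scripted. The following is an added example, not part of the original message: it takes the rules and log line quoted above and reports any allow rule that matches the denied packet in everything except a single address octet. The regular expressions cover only the rule and log shapes shown in this message, and the names near_misses and octet_diff are this example's own.

```python
import re
from ipaddress import IPv4Address

# Rules and log line copied from the message above.
RULES = """\
01100 allow udp from 198.142.161.98 to 203.2.75.132 53 out xmit tun0
01200 allow udp from 198.142.161.98 to 203.2.75.108 53 out xmit tun0
01300 allow udp from 203.2.75.132 53 to 198.142.161.98 in recv tun0
01400 allow udp from 203.2.75.108 53 to 198.142.161.98 in recv tun0
"""
LOG = "ipfw: 65435 Deny UDP 198.142.161.98:1024 202.2.75.132:53 out via tun0"

RULE_RE = re.compile(
    r"(?P<num>\d+) allow (?P<proto>\w+) from (?P<src>[\d.]+)(?: (?P<sport>\d+))?"
    r" to (?P<dst>[\d.]+)(?: (?P<dport>\d+))? (?P<dir>in|out) (?:recv|xmit) (?P<ifc>\w+)")
LOG_RE = re.compile(
    r"ipfw: \d+ Deny (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+)"
    r" (?P<dst>[\d.]+):(?P<dport>\d+) (?P<dir>in|out) via (?P<ifc>\w+)")

def octet_diff(a, b):
    """Return indexes (0-3) of the octets where two dotted quads differ."""
    pairs = zip(IPv4Address(a).packed, IPv4Address(b).packed)
    return [i for i, (x, y) in enumerate(pairs) if x != y]

def near_misses(rules_text, log_line):
    """List allow rules that match the denied packet except for one address octet."""
    pkt = LOG_RE.search(log_line).groupdict()
    hits = []
    for m in RULE_RE.finditer(rules_text):
        r = m.groupdict()
        # Protocol, direction and interface must match exactly.
        if (r["proto"].lower(), r["dir"], r["ifc"]) != (pkt["proto"].lower(), pkt["dir"], pkt["ifc"]):
            continue
        # A port the rule names must match; an omitted port means "any".
        if any(r[p] and r[p] != pkt[p] for p in ("sport", "dport")):
            continue
        diffs = [(f, i) for f in ("src", "dst") for i in octet_diff(r[f], pkt[f])]
        if len(diffs) == 1:  # exactly one octet off: likely a typo
            field, idx = diffs[0]
            hits.append((r["num"], field, idx + 1, r[field], pkt[field]))
    return hits

if __name__ == "__main__":
    for num, field, octet, want, got in near_misses(RULES, LOG):
        print(f"rule {num}: {field} octet {octet} differs: rule has {want}, packet has {got}")
```
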