From owner-freebsd-questions Thu Apr 11 13: 7:48 2002
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <001201c1e168$c16a92c0$2849a8c0@kerstenz6r4278>
From: "Bob Kersten"
Subject: again...
Date: Thu, 11 Apr 2002 16:53:48 +0200
Organization: FellowNet Online Community

Hi,

I'm running named on my server to allow the users of my internal network to fill in this server as their DNS server. This server has two NICs, one for the external (internet) connection and one for internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and up.

This is working just fine, but I discovered that I can use this server as my DNS server from my computer at work (outside my internal network) by entering the IP I got from my ISP and which I have set up for the first NIC I mentioned above.

I don't know if this makes the situation clear for you, but I would like to restrict access to my DNS server from outside and only allow the internal clients to use the server for their DNS. Can this be done, and if so, how? I'm using natd to route traffic from my internal network to the internet. Below is a copy of my rc.conf.

Thanks in advance for every given answer,
Bob.

[rc.conf]
defaultrouter="213.51.184.1"
gateway_enable="YES"
hostname="buffy.fellownet.org"
ifconfig_ed0="inet 213.51.186.212 netmask 255.255.252.0"
ifconfig_ed1="inet 10.0.0.1 netmask 255.255.255.0"
inetd_enable="YES"
inetd_flags="-l"
kern_securelevel_enable="NO"
nfs_reserved_port_only="YES"
sendmail_enable="YES"
named_enable="YES"
sshd_enable="YES"
ntpdate_enable="YES"
ntpdate_flags="ntp0.nl.net"
tcp_extensions="YES"
router_enable="NO"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_program="/sbin/natd"
natd_interface="ed0"
natd_flags=""
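
One way to get the restriction the message asks for, as an added example that is not part of the original post: a named.conf fragment using BIND's acl, listen-on, allow-query and allow-recursion statements. It assumes named here is BIND and that the settings are merged into the existing options block; the ACL name "internal" is made up for this example, and the addresses are the ones from the rc.conf above.

```conf
// Constructed example: merge into the existing named.conf.
// "internal" is an ACL name chosen for this example.
acl "internal" {
    127.0.0.1;      // the server itself
    10.0.0.0/24;    // ed1 network from rc.conf (10.0.0.1, netmask 255.255.255.0)
};

options {
    // Bind port 53 only on loopback and the internal NIC (ed1),
    // so nothing answers on the ISP address 213.51.186.212 (ed0).
    listen-on { 127.0.0.1; 10.0.0.1; };

    // Answer queries, and recurse, only for the internal clients.
    allow-query     { "internal"; };
    allow-recursion { "internal"; };
};
```

Because rc.conf sets firewall_type="OPEN", the packet filter passes port 53 on ed0, so the named settings are what enforces the restriction in this setup.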