Delivered-To: freebsd-questions@freebsd.org
Message-ID: <054c01c1e198$36009150$fd6e34c6@mlevy>
From: "Moti"
To: "Bob Kersten"
References: <001201c1e168$c16a92c0$2849a8c0@kerstenz6r4278>
Subject: Re: again...
Date: Thu, 11 Apr 2002 16:33:59 -0400

Assuming you use bind8+ you can use the allow-query option in named.conf
and put only your internal net.
something like

    allow-query { 10.1.1.0/24; };

----- Original Message -----
From: "Bob Kersten"
Sent: Thursday, April 11, 2002 10:53 AM
Subject: again...

> Hi,
>
> I'm running named on my server to allow the users of my internal
> network to fill in this server as their DNS server. This server has
> two NICs, one for the external (internet) connection and one for
> internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and
> up.
> This is working just fine, but I discovered that I can use this
> server as my DNS server from my computer at work (outside my internal
> network) by entering the IP I got from my ISP and which I have set up
> for the first NIC I mentioned above.
>
> I don't know if this makes the situation clear for you, but I
> would like to restrict access to my DNS server from outside and only
> allow the internal clients to use the server for their DNS.
>
> Can this be done, and if so, how? I'm using natd to route traffic
> from my internal network to the internet. Below is a copy of my
> rc.conf.
>
> Thanks in advance for every given answer,
> Bob.
>
> [rc.conf]
>
> defaultrouter="213.51.184.1"
> gateway_enable="YES"
> hostname="buffy.fellownet.org"
>
> ifconfig_ed0="inet 213.51.186.212 netmask 255.255.252.0"
> ifconfig_ed1="inet 10.0.0.1 netmask 255.255.255.0"
>
> inetd_enable="YES"
> inetd_flags="-l"
>
> kern_securelevel_enable="NO"
> nfs_reserved_port_only="YES"
> sendmail_enable="YES"
> named_enable="YES"
> sshd_enable="YES"
>
> ntpdate_enable="YES"
> ntpdate_flags="ntp0.nl.net"
>
> tcp_extensions="YES"
> router_enable="NO"
>
> firewall_enable="YES"
> firewall_type="OPEN"
>
> natd_enable="YES"
> natd_program="/sbin/natd"
> natd_interface="ed0"
> natd_flags=""
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
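
The allow-query suggestion above, written out as a named.conf fragment (an added example, not part of either message). It uses the addresses from the quoted rc.conf; the ACL name "internal", the `directory` path and the extra `allow-recursion` and `listen-on` statements are assumptions layered on top of the reply.

```conf
// named.conf fragment, BIND 8+ syntax -- added example.
// Addresses are taken from the rc.conf quoted in the thread:
//   ed0 = 213.51.186.212 (external), ed1 = 10.0.0.1/24 (internal).

// Before: with no allow-query statement named falls back to
//   allow-query { any; };
// which is why the server answers on the ISP-assigned address.

// After: name the clients that may use the server (ACL name is an assumption).
acl internal {
        127.0.0.1;        // the server itself
        10.0.0.0/24;      // clients behind ed1 (10.0.0.2 and up)
};

options {
        // Assumed FreeBSD default; keep whatever your file already has.
        directory "/etc/namedb";

        // Answer queries only from the ACL; all other sources are refused.
        allow-query     { internal; };

        // Restrict recursive lookups the same way.
        allow-recursion { internal; };

        // Optional: do not listen on the external address (ed0) at all.
        listen-on       { 127.0.0.1; 10.0.0.1; };
};
```

After named is reloaded, a lookup sent to 213.51.186.212 from an outside host should be refused (or get no answer at all if `listen-on` is used), while the 10.0.0.x clients keep resolving through 10.0.0.1.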