Date:      Thu, 11 Apr 2002 17:09:32 -0500
From:      "mithril" <mithril@fastem.com>
To:        <freebsd-questions@FreeBSD.ORG>
Subject:   Fw: again...
Message-ID:  <025401c1e1a5$8feafcc0$ab2aa8c0@mrktg.zixadmin.com>



> Depending on where this lies in your fw config, you could end up blocking
> all DNS lookups, so beware.
>
> It would probably be simpler to have it only accept queries from the
> internal net as Moti suggested.
>
> Cheers,
> Will
> ----- Original Message -----
> From: "BSDJunk" <BSDJunk@1729.net>
> To: "Moti" <moti@flncs.com>; "Bob Kersten" <bob@fellownet.org>;
> <freebsd-questions@FreeBSD.ORG>
> Sent: Thursday, April 11, 2002 4:08 PM
> Subject: Re: again...
>
>
> > Or you can use your firewall and block access to your DNS server from the
> > outside:
> >
> > ipfw add deny udp from any to 213.51.186.212 53 in via ed0
> >
> > ----- Original Message -----
> > From: "Moti" <moti@flncs.com>
> > To: "Bob Kersten" <bob@fellownet.org>; <freebsd-questions@FreeBSD.ORG>
> > Sent: Thursday, April 11, 2002 10:33 PM
> > Subject: Re: again...
> >
> >
> > > Assuming you use bind8+ you can use the allow-query option in named.conf
> > > and put only your internal net.
> > > Something like
> > > allow-query { 10.1.1.0/24; };
> > >
> > > ----- Original Message -----
> > > From: "Bob Kersten" <bob@fellownet.org>
> > > To: <freebsd-questions@freebsd.org>
> > > Sent: Thursday, April 11, 2002 10:53 AM
> > > Subject: again...
> > >
> > >
> > > > Hi,
> > > >
> > > > >     I'm running named on my server to allow the users of my internal
> > > > > network to fill in this server as their DNS server. This server has
> > > > > two NICs, one for the external (internet) connection and one for
> > > > > internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and
> > > > > up. This is working just fine, but I discovered that I can use this
> > > > > server as my DNS server from my computer at work (outside my internal
> > > > > network) by entering the IP I got from my ISP and which I have set up
> > > > > for the first NIC I mentioned above.
> > > >
> > > >     I don't know if this makes the situation clear for you, but I
> > > > would like to restrict access to my DNS server from outside and only
> > > > allow the internal clients to use the server for their DNS.
> > > >
> > > > >     Can this be done, and if so, how? I'm using natd to route traffic
> > > > > from my internal network to the internet. Below is a copy of my
> > > > > rc.conf.
> > > > >
> > > > > Thanks in advance for every given answer,
> > > >  Bob.
> > > >
> > > > [rc.conf]
> > > >
> > > > defaultrouter="213.51.184.1"
> > > > gateway_enable="YES"
> > > > hostname="buffy.fellownet.org"
> > > >
> > > > ifconfig_ed0="inet 213.51.186.212  netmask 255.255.252.0"
> > > > ifconfig_ed1="inet 10.0.0.1        netmask 255.255.255.0"
> > > >
> > > > inetd_enable="YES"
> > > > inetd_flags="-l"
> > > >
> > > > kern_securelevel_enable="NO"
> > > > nfs_reserved_port_only="YES"
> > > > sendmail_enable="YES"
> > > > named_enable="YES"
> > > > sshd_enable="YES"
> > > >
> > > > ntpdate_enable="YES"
> > > > ntpdate_flags="ntp0.nl.net"
> > > >
> > > > tcp_extensions="YES"
> > > > router_enable="NO"
> > > >
> > > > firewall_enable="YES"
> > > > firewall_type="OPEN"
> > > >
> > > > natd_enable="YES"
> > > > natd_program="/sbin/natd"
> > > > natd_interface="ed0"
> > > > natd_flags=""
> > > >
> > > >
> > > >
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
> > > >
> > > >


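The allow-query approach from the thread, applied to the addressing in the quoted rc.conf (internal network 10.0.0.0/24 on ed1, server at 10.0.0.1). This is an added example, not part of the original thread. The ACL name "internal", the directory path, and the allow-recursion and listen-on lines are assumptions that go beyond what the posters wrote.

```conf
// named.conf fragment for BIND 8 or later (added example, not from the thread).
// Addresses are taken from the quoted rc.conf; the ACL name is hypothetical.

acl "internal" {
    10.0.0.0/24;    // ed1 network: server 10.0.0.1, clients 10.0.0.2 and up
    127.0.0.1;      // the server's own lookups through localhost
};

options {
    directory "/etc/namedb";    // assumed path; keep whatever is already set

    // Weak setting: with no allow-query line, named answers queries from
    // any source address, which is why the server was usable from outside
    // through the ISP-assigned address on ed0.

    // Corrected: answer only internal clients; other sources are refused.
    allow-query     { "internal"; };

    // Recursion (lookups for names this server does not host) is the
    // service the internal clients need; limit it to the same ACL.
    allow-recursion { "internal"; };

    // Optional hardening: do not listen on ed0 (213.51.186.212) at all,
    // so no firewall rule is needed to hide port 53 from the outside.
    listen-on { 10.0.0.1; 127.0.0.1; };
};
```

If the server also hosts zones that must be resolvable from the internet, an `allow-query { any; };` inside those zone statements overrides the options-level restriction, and the listen-on line has to include the external address.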



