From owner-freebsd-questions Thu Apr 11 15:07:54 2002
Message-ID: <025401c1e1a5$8feafcc0$ab2aa8c0@mrktg.zixadmin.com>
From: "mithril"
To:
Subject: Fw: again...
Date: Thu, 11 Apr 2002 17:09:32 -0500
Sender: owner-freebsd-questions@FreeBSD.ORG

> depending on where this lies in your fw config, you could end up blocking
> all DNS lookups so beware.
>
> It would probably be simpler to have it only accept queries from the
> internal net as Moti suggested.
>
> Cheers,
> Will
> ----- Original Message -----
> From: "BSDJunk"
> To: "Moti" ; "Bob Kersten" ;
> Sent: Thursday, April 11, 2002 4:08 PM
> Subject: Re: again...
>
>
> > Or you can use your firewall and block access to your DNS server from the
> > outside:
> >
> > ipfw add deny udp from any to 213.51.186.212 53 in via ed0
> >
> > ----- Original Message -----
> > From: "Moti"
> > To: "Bob Kersten" ;
> > Sent: Thursday, April 11, 2002 10:33 PM
> > Subject: Re: again...
> >
> >
> > > Assuming you use bind8+ you can use the allow-query option in named.conf and
> > > put only your internal net.
> > > something like
> > > allow-query { 10.1.1.0/24; };
> > >
> > > ----- Original Message -----
> > > From: "Bob Kersten"
> > > To:
> > > Sent: Thursday, April 11, 2002 10:53 AM
> > > Subject: again...
> > >
> > >
> > > > Hi,
> > > >
> > > > I'm running named on my server to allow the users of my internal
> > > > network to fill in this server as their DNS server. This server has
> > > > two NICs, one for the external (internet) connection and one for
> > > > internal traffic (address 10.0.0.1). My clients have IP 10.0.0.2 and
> > > > up. This is working just fine, but I discovered that I can use this
> > > > server as my DNS server from my computer at work (outside my internal
> > > > network) by entering the IP I got from my ISP and which I have set up
> > > > for the first NIC I mentioned above.
> > > >
> > > > I don't know if this makes the situation clear for you, but I
> > > > would like to restrict access to my DNS server from outside and only
> > > > allow the internal clients to use the server for their DNS.
> > > >
> > > > Can this be done, and if so, how? I'm using natd to route traffic
> > > > from my internal network to the internet. Below is a copy of my
> > > > rc.conf.
> > > >
> > > > Thnx in advance for every given answer,
> > > > Bob.
> > > >
> > > > [rc.conf]
> > > >
> > > > defaultrouter="213.51.184.1"
> > > > gateway_enable="YES"
> > > > hostname="buffy.fellownet.org"
> > > >
> > > > ifconfig_ed0="inet 213.51.186.212 netmask 255.255.252.0"
> > > > ifconfig_ed1="inet 10.0.0.1 netmask 255.255.255.0"
> > > >
> > > > inetd_enable="YES"
> > > > inetd_flags="-l"
> > > >
> > > > kern_securelevel_enable="NO"
> > > > nfs_reserved_port_only="YES"
> > > > sendmail_enable="YES"
> > > > named_enable="YES"
> > > > sshd_enable="YES"
> > > >
> > > > ntpdate_enable="YES"
> > > > ntpdate_flags="ntp0.nl.net"
> > > >
> > > > tcp_extensions="YES"
> > > > router_enable="NO"
> > > >
> > > > firewall_enable="YES"
> > > > firewall_type="OPEN"
> > > >
> > > > natd_enable="YES"
> > > > natd_program="/sbin/natd"
> > > > natd_interface="ed0"
> > > > natd_flags=""
> > > >
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > > with "unsubscribe freebsd-questions" in the body of the message
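
Added example (not part of the original thread, and not BIND's own code): a small Python model of how an allow-query address match list is evaluated, first match wins and no match means refused, run against the addresses mentioned in the thread. The three configuration strings, the outside client 192.0.2.10 and the inclusion of 127.0.0.1 for the server's own lookups are constructed assumptions.

```python
import ipaddress
import re

def parse_allow_query(conf):
    """Return the first allow-query address match list as ordered
    (negated, network) pairs. Handles IPv4 addresses, prefixes, "any" and
    "!" negation; keys, named ACLs and nested lists raise ValueError."""
    m = re.search(r"allow-query\s*\{([^{}]*)\}\s*;", conf)
    if m is None:
        raise ValueError("no allow-query statement found")
    acl = []
    for item in m.group(1).split(";"):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        token = item.lstrip("!").strip()
        net = "0.0.0.0/0" if token == "any" else token
        acl.append((negated, ipaddress.ip_network(net)))
    return acl

def query_allowed(conf, client):
    """First matching element decides; no match at all means refused."""
    addr = ipaddress.ip_address(client)
    for negated, net in parse_allow_query(conf):
        if addr in net:
            return not negated
    return False

# Constructed inputs. AS_POSTED uses the illustrative network from the reply;
# ADAPTED assumes the 10.0.0.0/24 internal net from the rc.conf (ed1) and that
# the server itself resolves through 127.0.0.1.
AS_POSTED = "options { allow-query { 10.1.1.0/24; }; };"
ADAPTED = "options { allow-query { 127.0.0.1; 10.0.0.0/24; }; };"
EXCEPT_ONE = "options { allow-query { !10.0.0.99; 10.0.0.0/24; }; };"
OUTSIDE = "192.0.2.10"  # constructed outside client (documentation range)

if __name__ == "__main__":
    for name, conf in [("as posted", AS_POSTED), ("adapted", ADAPTED),
                       ("except one", EXCEPT_ONE)]:
        for client in ("10.0.0.2", "10.0.0.99", "127.0.0.1", OUTSIDE):
            verdict = "answer" if query_allowed(conf, client) else "refuse"
            print(f"{name:10} {client:12} {verdict}")
```

The "as posted" rows show why the network in the statement has to be changed to the real internal prefix: copied unchanged, it refuses the 10.0.0.x clients as well as outside hosts.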