From owner-freebsd-questions Sat Aug 14 7:28:42 1999
Date: Sat, 14 Aug 1999 07:27:10 -0700 (PDT)
From: Dan Busarow
To: "David B. Aas"
Cc: questions@freebsd.org
Subject: RE: FW: Need consulting help with v3.2 firewall
In-Reply-To: <003501bee5d7$33351a00$0fc8a8c0@dave.ciminot.com>

On Fri, 13 Aug 1999, David B. Aas wrote:
> I am set up as a caching DNS server.

But that only works for "real" IP addresses, it won't help if
you are using RFC1918 private address space. For that you need
to run a primary name server yourself. You can leave the
cache only setup for the Internet at large and run primary for
e.g. 1.168.192.in-addr.arpa at the same time.

Dan

>
> Here is my named.boot file:
> ####################
> directory /etc/namedb
> primary 0.0.127.in-addr.arpa localhost.rev
> forwarders 206.30.26.10 206.30.27.130
> #####################
>
> The 2 ips on the forwarders line are the primary and secondary DNS servers
> of my ISP.
>
> Here is my localhost.rev file:
> ####################
> ; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
> ; $Id: PROTO.localhost.rev,v 1.4 1997/05/01 21:02:37 ache Exp $
> ;
> ; This file is automatically edited by the `make-localhost' script in
> ; the /etc/namedb directory.
> ;
>
> @       IN      SOA     gateway.towncountry.net. root.gateway.towncountry.net. (
>                         19990803 ; Serial
>                         3600     ; Refresh
>                         900      ; Retry
>                         3600000  ; Expire
>                         3600 )   ; Minimum
>         IN      NS      gateway.towncountry.net.
> 1       IN      PTR     localhost.towncountry.net.
> #######################
> Domain Names have been changed to protect the innocent.
>
> I set it up as detailed in "The Complete FreeBSD". Am I missing something?
>
> Dave Aas
> dave@ciminot.com
>
> > -----Original Message-----
> > From: Oscar Bonilla [mailto:obonilla@fisicc-ufm.edu]
> > Sent: Wednesday, August 11, 1999 8:06 PM
> > To: Dan Busarow
> > Cc: David B. Aas; questions@FreeBSD.ORG
> > Subject: Re: FW: Need consulting help with v3.2 firewall
> >
> >
> > On Wed, Aug 11, 1999 at 04:27:23PM -0700, Dan Busarow wrote:
> > > On Wed, 11 Aug 1999, David B. Aas wrote:
> > > > I cleaned up my rules, and set up the logging. That helped lots. My rules
> > > > had some problems with UDP from the internal net. I fixed those.
> > > >
> > > > I set up a rule to allow all from any to any and ran my POP3 client on my
> > > > network workstations. It still does not work. I am thinking that it is
> > > > something to do with my DNS.
> > > >
> > > > My console still gives me an error message "servername
> > > > popper[number]:(v2.53) unable to get canonical name of client, err=0"
> > > >
> > > > Should I post my DNS settings? I have checked them over several times, and
> > > > don't see anything wrong. I had it set for a secondary DNS server, and I
> > > > changed it to a caching DNS server as a troubleshooting technique. I am
> > > > following the discussion in "The Complete FreeBSD".
> > > >
> > > > Am I missing something?
> > >
> > > You need to provide DNS, at least in-addr.arpa, for your internal
> > > hosts.
> > >
> >
> > definitely. You should provide forward DNS as well, at least for the
> > internal network.
> >
> > regards,
> >
> > -Oscar
>

--
Dan Busarow                                                  949 443 4172
Dana Point Communications, Inc.                            dan@dpcsys.com
Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82
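
The setup Dan describes, sketched as an added example that is not part of the original thread: a small sh script that builds a primary reverse zone for 1.168.192.in-addr.arpa from a host table and prints the matching named.boot line. The host addresses and names, the serial and the zone file name 192.168.1.rev are constructed for illustration; the SOA and NS layout follows the localhost.rev file quoted above.

```shell
#!/bin/sh
# Added example: reverse zone for an RFC1918 /24, served as primary
# alongside the existing caching/forwarding setup.

ZONE="1.168.192.in-addr.arpa"   # zone named in Dan's reply
NET="192.168.1"                 # the /24 that zone covers

# Constructed sample host table in /etc/hosts style (not from the thread).
sample_hosts() {
cat <<'EOF'
192.168.1.1   gateway.towncountry.net
192.168.1.10  ws1.towncountry.net
192.168.1.11  ws2.towncountry.net
10.0.0.5      elsewhere.towncountry.net
EOF
}

# Read "address name" lines on stdin and print one PTR record per host
# inside $NET. Other networks, comments and blank lines are skipped.
ptr_records() {
    while read -r addr name rest; do
        case "$addr" in
            "$NET".*) ;;
            *) continue ;;
        esac
        printf '%s\tIN\tPTR\t%s.\n' "${addr##*.}" "$name"
    done
}

# Print the whole zone file: SOA and NS header, then the PTR records.
# The serial is a constructed value; raise it on every change.
reverse_zone() {
    cat <<EOF
@       IN      SOA     gateway.towncountry.net. root.gateway.towncountry.net. (
                        19990814 ; Serial
                        3600     ; Refresh
                        900      ; Retry
                        3600000  ; Expire
                        3600 )   ; Minimum
        IN      NS      gateway.towncountry.net.
EOF
    ptr_records
}

# Line to add to named.boot; $1 is the zone file name under /etc/namedb.
boot_line() { printf 'primary %s %s\n' "$ZONE" "$1"; }

# Demo on the constructed table.
boot_line 192.168.1.rev
sample_hosts | reverse_zone
```

The existing `primary 0.0.127.in-addr.arpa` and `forwarders` lines stay in named.boot, so lookups for the Internet at large keep going through the cache.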