Date: Sun, 15 Apr 2001 22:16:40 -0700
From: "Caleb Walker" <cwalker@cwalk.org>
To: "Dru" <genisis@istar.ca>
Cc: <questions@FreeBSD.ORG>
Subject: Re: IPFW rules
Message-ID: <017201c0c634$6b5893a0$2701a8c0@cwalk.org>
References: <Pine.BSF.4.21.0104151522160.16109-100000@istar.ca>
This brings me to another question about my firewall. I have Windows users
that are behind a firewall and DNS servers are on the other side. I notice that
Windows sends DNS queries from some unknown port number to port 53. I have been
using keep-state for this to work but I don't like doing that. Is there another
way to make sure that DNS queries are passed all of the time?

----- Original Message -----
From: "Dru" <genisis@istar.ca>
To: "Caleb Walker" <cwalker@cwalk.org>
Cc: <questions@FreeBSD.ORG>
Sent: Sunday, April 15, 2001 12:34 PM
Subject: Re: IPFW rules

>
> Hi Caleb,
>
> The SSH server listens on TCP port 22, but the client uses any port below
> 1023 (if you're using .rhosts for authentication) or any port above 1024
> if you're not using .rhosts for authentication. So it looks like when
> you remove rule 64101 you drop your responses.
>
> Have you tried something like this:
>
> 64000 allow tcp from any to any 22 in (you also might want to log that one)
> 64001 allow tcp from any 22 to any out established
>
> You won't need the UDP one for port 22.
>
> HTH,
>
> Dru
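Added example, not part of the original message and not ipfw's own code: a simplified Python model of first-match filtering. It compares a static rule pair shaped like rules 64000/64001 in the quoted reply, moved to UDP port 53, with a single keep-state rule. The translation of those rules to DNS, the packet addresses and every name below are assumptions constructed for illustration, and dynamic-rule timeouts are not modelled.

```python
# Simplified model of first-match packet filtering; not ipfw's implementation.
from typing import NamedTuple, Optional

class Pkt(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    way: str                    # "in" or "out"
    established: bool = False   # TCP only: ACK or RST set

class Rule(NamedTuple):
    proto: str
    sport: Optional[int]        # None means "any"
    dport: Optional[int]
    way: str
    established: bool = False   # rule only matches established TCP packets
    keep_state: bool = False    # a match creates a dynamic entry for the reply

def matches(r, p):
    return (r.proto == p.proto and r.way == p.way
            and r.sport in (None, p.sport) and r.dport in (None, p.dport)
            and (p.established or not r.established))

def run(rules, packets):
    """Return one verdict per packet: dynamic entries, then rules, default deny."""
    flows, verdicts = set(), []
    for p in packets:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        hit = next((r for r in rules if matches(r, p)), None)
        if hit and hit.keep_state:
            # remember the reversed 5-tuple so only the matching reply returns
            flows.add((p.proto, p.dst, p.dport, p.src, p.sport))
        verdicts.append("allow" if key in flows or hit else "deny")
    return verdicts

# Static pair in the shape of rules 64000/64001, applied to UDP 53 (assumed).
# UDP has no "established" flag, so the reply rule matches on source port alone.
STATIC_DNS = [Rule("udp", None, 53, "out"), Rule("udp", 53, None, "in")]
STATEFUL_DNS = [Rule("udp", None, 53, "out", keep_state=True)]

# Constructed packets (RFC 5737 documentation addresses).
QUERY = Pkt("udp", "192.0.2.10", 1037, "198.51.100.53", 53, "out")
REPLY = Pkt("udp", "198.51.100.53", 53, "192.0.2.10", 1037, "in")
UNSOLICITED = Pkt("udp", "203.0.113.9", 53, "192.0.2.10", 137, "in")
TRAFFIC = [QUERY, REPLY, UNSOLICITED]

if __name__ == "__main__":
    for name, rules in (("static", STATIC_DNS), ("keep-state", STATEFUL_DNS)):
        print(name, run(rules, TRAFFIC))
```

In this model the static pair passes the unsolicited inbound packet because its source port is 53, while the keep-state rule admits only the reply to the recorded query.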