From owner-freebsd-bugs  Sun Apr 21  8:10:14 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 6CC4137B404
	for <freebsd-bugs@hub.freebsd.org>; Sun, 21 Apr 2002 08:10:04 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g3LFA4g82132;
	Sun, 21 Apr 2002 08:10:04 -0700 (PDT)
	(envelope-from gnats)
Date: Sun, 21 Apr 2002 08:10:04 -0700 (PDT)
Message-Id: <200204211510.g3LFA4g82132@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: "Earl A. Killian" <earl@killian.com>
Subject: Re: misc/37301: 4.5 rc.firewall type simple does not pass icmp, or inside to gateway udp
Reply-To: "Earl A. Killian" <earl@killian.com>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR misc/37301; it has been noted by GNATS.

From: "Earl A. Killian" <earl@killian.com>
To: "Crist J. Clark" <cjc@FreeBSD.ORG>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: misc/37301: 4.5 rc.firewall type simple does not pass icmp, or inside to gateway udp
Date: Sun, 21 Apr 2002 08:06:16 -0700

 Crist J. Clark writes:
  > Date: Sun, 21 Apr 2002 01:19:05 -0700
  > From: "Crist J. Clark" <cjc@FreeBSD.ORG>
  > 
  > You are missing,
  > 
  >         # Allow access to our DNS
  >         ${fwcmd} add pass tcp from any to ${oip} 53 setup
  >         ${fwcmd} add pass udp from any to ${oip} 53
  >         ${fwcmd} add pass udp from ${oip} 53 to any
  > 
  > Which allow internal machines to reach the DNS server on the
  > gateway. Remember,
 
 But note the ${oip}.  My DNS was returning ${iip} for the address of my
 internal gateway, so these rules did not apply.  This is my original
 complaint.
 
  >         ############
  >         # This is a prototype setup for a simple firewall.  Configure this
  >         # machine as a named server and ntp server, and point all the machines
  >         # on the inside at this machine for those services.
  >         ############
  > 
  > (Not that that the rules actually work for NTP. ;)
 
 I guess the comment needs to say point all the machines on the inside
 at the outside address of this machine.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message