Delivered-To: freebsd-questions@freebsd.org
Subject: Re: DNS and ipfw
From: Mark
To: Mark
Cc: questions@freebsd.org
Date: 28 Feb 2003 22:42:12 -0800
Message-Id: <1046500933.10689.9.camel@donburi>
In-Reply-To: <1046497302.10689.4.camel@donburi>

This is really wonky! I've tried all sorts of variations on the following rules:

    add pass tcp from any 53 to 10.0.0.0/24
    add pass udp from any 53 to 10.0.0.0/24
    add pass tcp from 10.0.0.0/24 to any 53
    add pass udp from 10.0.0.0/24 to any 53

Any ideas at all?

Thanks,
Mark.

On Fri, 2003-02-28 at 21:41, Mark wrote:
> Hello!
>
> I'm having a real bear of a time getting my ipfw and natd working on
> FreeBSD 4.7.
>
> I've set up everything for gateway operations, ipfw, and natd, and have
> set up the firewall, and configured the addresses in /etc/rc.firewall.
>
> However .... If I ever try to use 'simple', I cannot do DNS queries
> from inside my network.
>
> My network looks like this:
>
> outside world -- FREEBSD Router/NATD -- internal net hub
>
> On the internal hub is a server that runs a DNS server, and all my
> other machines, all of which point their DNS at it, and it, in turn,
> points its DNS to the outside network.
>
> Can somebody help me figure out some rules to allow DNS traffic from
> that one server through a "simple" firewall, and likewise, all
> replies/responses to come back to said server?
>
> I've been trying all sorts of different things from Google, but nothing
> seems to quite do the trick.
>
> Thanks,
> Mark.
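An added example (not from the thread, and not FreeBSD's own rc.firewall) of how rules for this topology are usually written when natd sits in the ruleset. The point the rules above miss is that ipfw evaluates the ruleset once on each interface a packet crosses, and a packet that has passed the "divert natd" rule carries its translated addresses from then on: an outbound query seen on the outside interface already has the public address as its source, and an inbound reply seen on the outside interface has already had its destination rewritten back to the private address of the DNS server. So a rule for the reply must name the internal address, and a rule for the outbound query on the outside interface must name the public one. The interface names (fxp0 outside, xl0 inside), the public address 192.0.2.1, the DNS server address 10.0.0.2 (the post gives no address for it) and the rule numbers are all assumptions; 10.0.0.0/24 is from the post. By default the script only prints the rules (fwcmd is "echo ipfw"); set FWCMD=/sbin/ipfw to apply them.

```shell
#!/bin/sh
# Added example: ipfw/natd rules letting one internal DNS server resolve
# through a FreeBSD gateway. Not from the thread; interface names, the
# public address, the DNS server address and rule numbers are assumptions.

oif=${OIF:-fxp0}          # outside interface (assumed name)
iif=${IIF:-xl0}           # inside interface (assumed name)
oip=${OIP:-192.0.2.1}     # public address on $oif (RFC 5737 placeholder)
inet=10.0.0.0/24          # internal network, from the post
dns=${DNS:-10.0.0.2}      # internal DNS server (assumed; post gives no address)
fwcmd=${FWCMD:-echo ipfw} # dry run by default; FWCMD=/sbin/ipfw applies rules

dns_rules() {
    # Translation first. Every rule numbered after this one sees packets
    # that natd has already rewritten: public source on the way out,
    # private destination on the way in.
    $fwcmd add 1000 divert natd all from any to any via $oif

    # Query leaving the DNS server, pass 1: arriving on the inside
    # interface it still carries its private source address.
    $fwcmd add 1010 pass udp from $dns to any 53 in via $iif
    $fwcmd add 1011 pass tcp from $dns to any 53 in via $iif

    # Same query, pass 2: on the outside interface natd has already
    # replaced the source with the public address, so match on that.
    $fwcmd add 1012 pass udp from $oip to any 53 out via $oif
    $fwcmd add 1013 pass tcp from $oip to any 53 out via $oif

    # Reply, pass 1: by the time this rule is consulted the divert rule
    # has rewritten the destination back to the internal server, so a
    # rule matching "to $oip" here would never fire. TCP replies carry
    # ACK, which is what "established" checks.
    $fwcmd add 1020 pass udp from any 53 to $dns in via $oif
    $fwcmd add 1021 pass tcp from any 53 to $dns in via $oif established

    # Reply, pass 2: forwarded out the inside interface to the server.
    $fwcmd add 1022 pass udp from any 53 to $dns out via $iif
    $fwcmd add 1023 pass tcp from any 53 to $dns out via $iif established

    # Clients on the LAN query $dns directly across the hub; that traffic
    # never crosses the gateway, so no rule is needed for $inet here.
}

dns_rules
```

Two checks before trusting a ruleset like this. First, the rules must sit ahead of the ruleset's final deny (rc.firewall's "simple" ends in a default deny), which is what the numbering assumes. Second, if the ruleset also blocks RFC 1918 space on the outside interface, as "simple" does, those deny rules have to be ordered around the divert rule so that they only ever see untranslated packets: a rule denying 10.0.0.0/8 as a destination must come before the divert (after it, a de-NATed reply to 10.0.0.2 would match and be dropped), and a rule denying 10.0.0.0/8 as a source must come after it. Inspect the live order with "ipfw show" and confirm the packet counters on rules 1020 and 1022 increment while a query is in flight.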