Date: Tue, 10 Jul 2001 20:27:42 -0400 (EDT)
From: Francisco Reyes
To: Yonatan Bokovza
Cc: Francisco Reyes, Nickolay A. Kritsky
Subject: RE: Cant ping/nslookup

On Tue, 10 Jul 2001, Yonatan Bokovza wrote:

> Your problem as I see it is that you can't communicate
> with your DNS,

That is correct and part of the problem.

> so you can't resolve freebsd.org, so you
> can't ping it. Try pinging 216.136.204.21, that's the
> resolved address.

I also have problems when I try to ping by IP.

> However, due to your "grep deny" I don't see any rule
> that explicitly allows you to communicate with the rest
> of the world, or your DNS for that matter.

What I was really trying to show was that all my deny rules had "log",
yet my /etc/security is not getting any entries which indicate
something is being denied. I just posted another post with my config.

Also strange is that if I do:

    ipfw zero
    ipfw show    (after I try ping or nslookup at client)

None of the deny clauses is hit, yet my ping and nslookup fail.

I am wondering if it couldn't be something with natd.