From owner-freebsd-questions@FreeBSD.ORG Sat Feb 14 18:09:16 2004
Date: Sun, 15 Feb 2004 03:09:13 +0100
From: Erik Trulsson <ertr1013@student.uu.se>
To: Eric F Crist
cc: Jez Hancock
cc: freebsd-questions@freebsd.org
Subject: Re: continued IPFW issues... (actually a lack of ability on my part)
Message-ID: <20040215020913.GA56178@falcon.midgard.homeip.net>
In-Reply-To: <200402142001.13194.ecrist@adtechintegrated.com>
References: <20040214233615.GB38665@users.munk.nu> <200402141942.38712.ecrist@adtechintegrated.com> <20040215015007.GA53079@falcon.midgard.homeip.net> <200402142001.13194.ecrist@adtechintegrated.com>
User-Agent: Mutt/1.5.6i
List-Id: User questions
X-List-Received-Date: Sun, 15 Feb 2004 02:09:16 -0000

On Sat, Feb 14, 2004 at 08:01:07PM -0600, Eric F Crist wrote:
> My bad, I found the log entry after your prodding.  After enabling logging in
> the ruleset and enabling the sysctl variable, I get the following output in a
> tail /var/log/security:
>
> Feb 14 19:59:44 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51598 255.255.255.255:61112 in via dc0
> Feb 14 19:59:45 grog kernel: ipfw: 65534 Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0
> Feb 14 19:59:46 grog kernel: ipfw: 65534 Deny UDP 204.127.202.4:53 63.228.14.241:49152 in via dc0
> Feb 14 19:59:50 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51599 255.255.255.255:61112 in via dc0
> Feb 14 19:59:55 grog kernel: ipfw: 65534 Deny UDP 204.127.202.4:53 63.228.14.241:49152 in via dc0
> Feb 14 19:59:56 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51600 255.255.255.255:61112 in via dc0
> Feb 14 19:59:59 grog kernel: ipfw: 65534 Deny UDP 204.147.80.5:53 63.228.14.241:49152 in via dc0
> Feb 14 20:00:02 grog kernel: ipfw: 65534 Deny UDP 204.147.80.5:53 63.228.14.241:49152 in via dc0
> Feb 14 20:00:02 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51601 255.255.255.255:61112 in via dc0
> Feb 14 20:00:03 grog kernel: ipfw: 65534 Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0
>
> I would assume I need to enable a rule such as:
>
> ipfw add allow udp from any to me 53
>
> Is this correct?  TIA

I don't think so.  The entries of the form 'Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0' would appear to be replies to your DNS queries.  They go to the port from which the DNS query was sent (49152 in this case).  You need to make sure that you allow replies to connections you initiate to get through.  Take a look at the check-state/established/keep-state stuff people have repeatedly told you to use.  They are probably what you want.

-- 
Erik Trulsson
ertr1013@student.uu.se
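The following is an added example, not part of the mailing-list thread or of ipfw itself. It parses the ten deny lines Eric posted, labels each as a DNS reply or as LAN broadcast noise, and then models three candidate rules against them: the one Eric proposed (`allow udp from any to me 53`), the tempting stateless alternative (`allow udp from any 53 to me`), and the keep-state/check-state approach Erik points at. Assumptions, also marked in the code: 63.228.14.241 is taken to be grog's address on dc0 because that is where the replies are addressed; the three outbound queries and the forged reply from 198.51.100.9 are constructed, since they do not appear in the log; and the `DynamicState` class is a minimal imitation of ipfw's dynamic rules, not ipfw.

```python
import re
from collections import Counter
from dataclasses import dataclass

# ipfw's syslog line: rule number, action, protocol, src:port, dst:port,
# direction and interface.
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<direction>in|out) via (?P<iface>\w+)$"
)

# The ten lines from Eric's tail of /var/log/security.
LOG_LINES = [
    "Feb 14 19:59:44 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51598 255.255.255.255:61112 in via dc0",
    "Feb 14 19:59:45 grog kernel: ipfw: 65534 Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0",
    "Feb 14 19:59:46 grog kernel: ipfw: 65534 Deny UDP 204.127.202.4:53 63.228.14.241:49152 in via dc0",
    "Feb 14 19:59:50 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51599 255.255.255.255:61112 in via dc0",
    "Feb 14 19:59:55 grog kernel: ipfw: 65534 Deny UDP 204.127.202.4:53 63.228.14.241:49152 in via dc0",
    "Feb 14 19:59:56 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51600 255.255.255.255:61112 in via dc0",
    "Feb 14 19:59:59 grog kernel: ipfw: 65534 Deny UDP 204.147.80.5:53 63.228.14.241:49152 in via dc0",
    "Feb 14 20:00:02 grog kernel: ipfw: 65534 Deny UDP 204.147.80.5:53 63.228.14.241:49152 in via dc0",
    "Feb 14 20:00:02 grog kernel: ipfw: 65534 Deny UDP 192.168.0.1:51601 255.255.255.255:61112 in via dc0",
    "Feb 14 20:00:03 grog kernel: ipfw: 65534 Deny UDP 204.147.80.1:53 63.228.14.241:49152 in via dc0",
]

# Assumption: the replies are addressed to 63.228.14.241, so that is taken
# to be grog's address on dc0 ("me" in ipfw terms).
LOCAL_ADDRS = {"63.228.14.241"}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str


def parse_ipfw_log(line):
    m = LOG_RE.search(line)
    if m is None:
        return None
    return Packet(m["proto"], m["src"], int(m["sport"]),
                  m["dst"], int(m["dport"]), m["direction"])


def classify(pkt, local_addrs=LOCAL_ADDRS):
    """Label a denied inbound packet by what it most likely is."""
    if pkt.dst == "255.255.255.255":
        return "broadcast"  # LAN chatter from 192.168.0.1; dropping it is fine
    if (pkt.proto == "UDP" and pkt.sport == 53
            and pkt.dst in local_addrs and pkt.dport >= 1024):
        return "dns-reply"  # answer to a query this host sent from an ephemeral port
    return "other"


def allow_udp_to_me_53(pkt, local_addrs=LOCAL_ADDRS):
    """Eric's proposed 'allow udp from any to me 53': admits inbound UDP whose
    *destination* port is 53 (queries to a name server here). Replies arrive
    with destination port 49152, so it never matches them."""
    return pkt.proto == "UDP" and pkt.dst in local_addrs and pkt.dport == 53


def allow_udp_from_any_53(pkt, local_addrs=LOCAL_ADDRS):
    """Stateless 'allow udp from any 53 to me': lets the replies in, but also
    anything an attacker sends from source port 53."""
    return pkt.proto == "UDP" and pkt.sport == 53 and pkt.dst in local_addrs


class DynamicState:
    """Minimal model of ipfw dynamic rules for UDP: 'allow udp from me to any
    53 keep-state' records each outbound query; 'check-state' admits an
    inbound packet only if it reverses a recorded flow. Real ipfw also
    expires entries (net.inet.ip.fw.dyn_udp_lifetime)."""

    def __init__(self):
        self._flows = set()

    def keep_state(self, out):
        self._flows.add((out.proto, out.src, out.sport, out.dst, out.dport))

    def check_state(self, inb):
        return (inb.proto, inb.dst, inb.dport, inb.src, inb.sport) in self._flows


# Constructed: the three queries grog would have sent (not in the log, since
# the outbound allow rule did not log them), and one forged reply from a
# server that was never queried.
OUTBOUND_QUERIES = [Packet("UDP", "63.228.14.241", 49152, ns, 53, "out")
                    for ns in ("204.147.80.1", "204.127.202.4", "204.147.80.5")]
SPOOFED_REPLY = Packet("UDP", "198.51.100.9", 53, "63.228.14.241", 49152, "in")


def build_state(queries=OUTBOUND_QUERIES):
    state = DynamicState()
    for q in queries:
        state.keep_state(q)
    return state


def summarize(lines=LOG_LINES):
    return Counter(classify(p) for p in map(parse_ipfw_log, lines) if p)


def evaluate(lines=LOG_LINES):
    """How many of the denied packets each candidate rule would have let in."""
    pkts = [p for p in map(parse_ipfw_log, lines) if p]
    state = build_state()
    return {"allow udp from any to me 53": sum(allow_udp_to_me_53(p) for p in pkts),
            "allow udp from any 53 to me": sum(allow_udp_from_any_53(p) for p in pkts),
            "check-state": sum(state.check_state(p) for p in pkts)}


if __name__ == "__main__":
    for line in LOG_LINES:
        print(f"{classify(parse_ipfw_log(line)):<10} {line.split('ipfw: ', 1)[1]}")
    print(dict(summarize()), evaluate())
    print("spoofed reply: stateless", allow_udp_from_any_53(SPOOFED_REPLY),
          "check-state", build_state().check_state(SPOOFED_REPLY))
```

Run as a script it shows six replies and four broadcasts, that Eric's rule admits none of the denied packets, and that both the stateless port-53 rule and check-state admit the six replies; only check-state refuses the forged reply. The caveat the model leaves out is the timeout: ipfw's dynamic UDP entries live only for net.inet.ip.fw.dyn_udp_lifetime seconds (10 by default), which is enough for a resolver round trip but worth knowing when reading later denies.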