From owner-freebsd-questions  Mon Oct 29  6:54: 0 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ashram.rhavenn.net (ashram.rhavenn.net [209.150.195.50])
	by hub.freebsd.org (Postfix) with ESMTP id CE74037B403
	for <freebsd-questions@FreeBSD.ORG>; Mon, 29 Oct 2001 06:53:55 -0800 (PST)
Received: from there (2144396d1b1a9967f1193a003fc64759@gandalf.rhavenn.net [209.150.195.51])
	by ashram.rhavenn.net (8.11.3/8.11.3) with SMTP id f9UEt4l29746;
	Tue, 30 Oct 2001 08:56:07 -0600 (CST)
Message-Id: <200110301456.f9UEt4l29746@ashram.rhavenn.net>
Content-Type: text/plain;
  charset="iso-8859-1"
From: Henrik Hudson <lists@rhavenn.net>
Reply-To: lists@rhavenn.net
To: "Ben Witkowski" <ben@alohagrowers.com>,
	<freebsd-questions@FreeBSD.ORG>
Subject: Re: Firewall on 4.4
Date: Mon, 29 Oct 2001 09:00:05 -0600
X-Mailer: KMail [version 1.3]
References: <DBEEJCFFMKHFOCLJLKFBGEJGCAAA.ben@alohagrowers.com>
In-Reply-To: <DBEEJCFFMKHFOCLJLKFBGEJGCAAA.ben@alohagrowers.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

You have of course modifed /etc/rc.firewall and the "simple" section for your 
specific setup, right?

Basic DNS queries run over UDP if I remember correctly, so I would start by 
checking your setup in /etc/rc.firewall and making sure both interfaces are 
being allowed in/out, etc...

Henrik

On Monday 29 October 2001 02:42, Ben Witkowski wrote:
>  FreeBSD firewall.unitedglobaltrading.com 4.4-STABLE FreeBSD 4.4-STABLE #2:
>  Thu Sep 27 18:02:08 PDT 2001
>  ben@firewall.unitedglobaltrading.com:/usr/obj/usr/src/sys/FIREWALL  i386
>
>  i've installed a primary dns server on the above machine.
>
>  the firewall is running "open", as "simple" type doesn't allow tcp traffic
>  through..we still don't know why..
>
>  the main question/problem is the name server.
>  it resolves hostnames fine on the internal network, but not on the outside
>  interface.  is there some firewall config to allow the name server to send
>  and receive queries from ports other than 53?  or should i consider
>  re-configuring bind to revert to its old behavior with the query-source
>  substatement?  or is there any other know config elsewhere that might be
>  causing this?
>
>  much appreciation..
>
>  -ben
>  aloha, oregon
>
>
>  To Unsubscribe: send mail to majordomo@FreeBSD.org
>  with "unsubscribe freebsd-questions" in the body of the message

-- 

Henrik Hudson
lists@rhavenn.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message