Date:      Fri, 20 May 2005 07:10:20 -0600
From:      Stephane Raimbault <stephane@enertiasoft.com>
To:        Stephane Raimbault <stephane@enertiasoft.com>
Cc:        Jose Hidalgo <jose@hostarica.com>
Subject:   Re: named error sending response: permision denied
Message-ID:  <5D5EFEE7-F123-43CB-A40E-7FF7EAF03C07@enertiasoft.com>
In-Reply-To: <DBDEAE42-4CD3-4989-AEB8-CF4794942240@enertiasoft.com>
References:  <39F3A41D-9555-452F-8B41-3EA03E1AC460@enertiasoft.com> <1116435784.34699.23.camel@jose> <DBDEAE42-4CD3-4989-AEB8-CF4794942240@enertiasoft.com>

Does anyone have any further thoughts on this, or could maybe point  
me in a direction that could help me solve the problem?

Thanks,
Stephane


On 18-May-05, at 11:08 AM, Stephane Raimbault wrote:

>
> On 18-May-05, at 11:03 AM, Jose Hidalgo wrote:
>
>
>> On Wed, 2005-05-18 at 10:51 -0600, Stephane Raimbault wrote:
>>
>>
>>
>>> I also noticed these errors in my ipfw.log file:
>>>
>>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>>> 63.252.160.219:53 204.9.110.134:3371 in via vlan1
>>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>>> 63.252.160.219:53 204.9.110.134:1420 in via vlan1
>>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>>> 63.252.160.219:53 204.9.110.134:2961 in via vlan1
>>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>>> 63.252.160.219:53 204.9.110.134:4701 in via vlan1
>>>
>>>
>>
>>
>> As you can see and according to the ACLs, you have
>> the problem when 204.9.110.134 is the client of
>> the dns queries.
>>
>> You may need to add
>>
>> ${fwcmd} add pass udp from ${ip2} to any 53 keep-state
>>
>>
>
> Actually... I already had this in another part of my ipfw rules
>
> ${fwcmd} add pass udp from ${ip2} to any 53 keep-state
>
>
> the server itself can also make dns requests out...  however it  
> still seems that requests (not all) are getting kiboshed by something.
>
>
>
>> or you may want to reduce the number of rules with:
>>
>> ${fwcmd} add pass udp from any to any 53 keep-state
>>
>> -- 
>> Jose Hidalgo <jose@hostarica.com>
>> Corp. Hostarica S.A.
>>
>>
>>
>
>
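
One way to see which client address is losing DNS answers in an ipfw.log like the excerpt quoted above (an added example, not part of the original thread): group denied inbound UDP packets with source port 53 by server, client and rule. It assumes such packets are replies to the client's own queries; the function name and the last sample line are constructed.

```python
import re
from collections import defaultdict

# Layout of the ipfw log entries quoted in the thread:
# rule number, action, protocol, src ip:port, dst ip:port, direction, interface.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

# First four lines: the entries from the message, mail line wrap rejoined.
# Last line: constructed, non-DNS traffic that the filter must ignore.
SAMPLE_LOG = """\
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:2961 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:4701 in via vlan1
May 18 06:40:04 enertia1 /kernel: ipfw: 65000 Deny TCP 192.0.2.10:4242 204.9.110.134:25 in via vlan1
"""


def dropped_dns_replies(log_text):
    """Group denied inbound UDP packets with source port 53 by
    (remote server, local client, rule) and collect the client ports."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = IPFW_RE.search(line)
        if m is None:
            continue  # not an ipfw packet log entry
        if (m["action"], m["proto"], m["dir"], m["sport"]) != ("Deny", "UDP", "in", "53"):
            continue  # only denied inbound UDP from port 53 is of interest
        groups[(m["src"], m["dst"], int(m["rule"]))].append(int(m["dport"]))
    return [
        {"server": s, "client": c, "rule": r, "count": len(p), "client_ports": sorted(p)}
        for (s, c, r), p in sorted(groups.items())
    ]


if __name__ == "__main__":
    for row in dropped_dns_replies(SAMPLE_LOG):
        print("{count} replies from {server}:53 to {client} denied by rule {rule}, "
              "client ports {client_ports}".format(**row))
```
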


