Date: Fri, 2 Feb 2001 23:26:48 +0200
From: Neil Blakey-Milner
To: Peter Brezny
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw not allowing dns traffic

On Fri 2001-02-02 (16:23), Peter Brezny wrote:
> I thought I had everything.
>
> # Allow DNS traffic from internet to query your DNS (for reverse
> # lookups etc).
> $fwcmd add allow tcp from any 53 to $ns1 53 setup
> $fwcmd add allow udp from any 53 to $ns1 53
> $fwcmd add allow udp from $ns1 53 to any 53
>
> but nslookups fail from outside the firewall on another machine in nslookup
> with server set to my firewall machine.
>
> What have I missed?

Not all requests will originate from port 53.

Neil
-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org
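
Added example, not part of the original thread: a small sh evaluator for the rule subset quoted above, showing why a query sent from a non-53 source port falls through the posted rules and how dropping the source-port match changes the verdict. The addresses 192.0.2.53 (standing in for $ns1) and 198.51.100.7, the source port 40000, the default-deny policy and the fixed_rules set are assumptions made for illustration.

```shell
# First-match evaluator for the ipfw subset used in this thread:
#   allow PROTO from ADDR [PORT] to ADDR [PORT] [setup]
# Assumptions: unmatched packets are denied; "setup" is ignored because
# only the first packet of each exchange is modelled.
ns1=192.0.2.53   # constructed address standing in for $ns1

original_rules() {   # the rules as posted
cat <<EOF
allow tcp from any 53 to $ns1 53 setup
allow udp from any 53 to $ns1 53
allow udp from $ns1 53 to any 53
EOF
}

fixed_rules() {      # assumed correction: no match on the client's port
cat <<EOF
allow tcp from any to $ns1 53 setup
allow udp from any to $ns1 53
allow udp from $ns1 53 to any
EOF
}

# "any" (also used for an omitted port) matches every value
field_ok() { [ "$1" = any ] || [ "$1" = "$2" ]; }

# verdict RULES_FUNC PROTO SRC SPORT DST DPORT -> prints allow or deny
verdict() {
    rules=$1; proto=$2; src=$3; sport=$4; dst=$5; dport=$6
    $rules | {
        while read -r action rproto _from rest; do
            set -- $rest
            rsrc=$1; shift
            rsport=any; if [ "$1" != to ]; then rsport=$1; shift; fi
            shift   # skip the "to" keyword
            rdst=$1; shift
            rdport=any
            if [ -n "${1:-}" ] && [ "$1" != setup ]; then rdport=$1; fi
            if [ "$rproto" = "$proto" ] && field_ok "$rsrc" "$src" &&
               field_ok "$rsport" "$sport" && field_ok "$rdst" "$dst" &&
               field_ok "$rdport" "$dport"; then
                echo "$action"; exit 0   # leaves only the pipeline subshell
            fi
        done
        echo deny
    }
}

for rs in original_rules fixed_rules; do
    echo "$rs: udp 198.51.100.7:40000 -> $ns1:53 = $(verdict $rs udp 198.51.100.7 40000 "$ns1" 53)"
done
```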