Date: Fri, 2 Feb 2001 15:29:26 -0600 (CST)
From: Mike Silbersack
To: Peter Brezny
Subject: Re: ipfw not allowing dns traffic
In-Reply-To: <000801c08d5e$5f4259c0$46010a0a@sysadmininc.com>
Sender: owner-freebsd-net@FreeBSD.ORG

On Fri, 2 Feb 2001, Peter Brezny wrote:

> I thought I had everything.
>
> # Allow DNS traffic from internet to query your DNS (for reverse
> # lookups etc).
> $fwcmd add allow tcp from any 53 to $ns1 53 setup
> $fwcmd add allow udp from any 53 to $ns1 53
> $fwcmd add allow udp from $ns1 53 to any 53
>
> but nslookups fail from outside the firewall on another machine in nslookup
> with server set to my firewall machine.
>
> What have I missed?
>
> Peter Brezny
> SysAdmin Services Inc.

Use dig. nslookup does superfluous lookups which will display false
failures in many cases.

Mike "Silby" Silbersack
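
Added example, not part of the original thread: a simplified Python model of how the three quoted rules match packets, showing that each rule requires port 53 on both ends. The address standing in for $ns1, the sample packets, and the closing default deny are assumptions.

```python
# Simplified model (added example) of how the three quoted ipfw rules
# match packets. Addresses and packets are constructed for illustration.
from collections import namedtuple

NS1 = "192.0.2.53"        # hypothetical stand-in for $ns1 (documentation range)
PEER = "198.51.100.10"    # constructed remote name server
CLIENT = "198.51.100.20"  # constructed remote resolver client

Packet = namedtuple("Packet", "proto src sport dst dport syn ack")
Rule = namedtuple("Rule", "proto src sport dst dport setup")

# The rules from the quoted message; None means "any".
RULES = [
    Rule("tcp", None, 53, NS1, 53, True),   # allow tcp from any 53 to $ns1 53 setup
    Rule("udp", None, 53, NS1, 53, False),  # allow udp from any 53 to $ns1 53
    Rule("udp", NS1, 53, None, 53, False),  # allow udp from $ns1 53 to any 53
]

def matches(rule, pkt):
    """True when every field the rule specifies equals the packet's field."""
    if rule.proto != pkt.proto:
        return False
    for want, got in ((rule.src, pkt.src), (rule.sport, pkt.sport),
                      (rule.dst, pkt.dst), (rule.dport, pkt.dport)):
        if want is not None and want != got:
            return False
    # "setup" matches only the opening TCP segment: SYN set, ACK clear.
    if rule.setup and not (pkt.syn and not pkt.ack):
        return False
    return True

def verdict(pkt, rules=RULES):
    """First matching rule wins; assumes the ruleset ends in a default deny."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return ("allow", number)
    return ("deny", None)

SAMPLES = {  # constructed packets
    "server_query": Packet("udp", PEER, 53, NS1, 53, False, False),
    "client_query": Packet("udp", CLIENT, 40123, NS1, 53, False, False),
    "client_reply": Packet("udp", NS1, 53, CLIENT, 40123, False, False),
    "client_tcp_syn": Packet("tcp", CLIENT, 40124, NS1, 53, True, False),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:15} -> {verdict(pkt)}")
```

On a live system, `ipfw show` prints per-rule packet counters, which shows whether a given rule is being hit.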