Date: Mon, 27 Sep 1999 12:16:25 -0700 From: Joe Bo <ibjoe@home.com> To: Ruslan Ermilov <ru@ucb.crimea.ua> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw, natd and DNS Message-ID: <2.2.32.19990927191625.00926dbc@netmail.home.com>
next in thread | raw e-mail | index | archive | help
Hi Ruslan,
you wrote:
>Argh, Joe :-(
>You didn't mention that you have modified a stock rc.firewall!
>When you have modified it, you deleted some lines, in particular,
>
># Allow access to our DNS
>$fwcmd add pass tcp from any to ${oip} 53 setup
>
>That's the 1st reason that the DNS doesn't work for you.
ooops, sorry! I tried to take out what I didn't need, and
since originally I wasn't using namd I didn't think
I needed it. I forgot to add it back!
Or maybe I thought that because I only wanted my internal net
to access my DNS I didn't need the rule for ${oip}.
I did put it back.
>Also, please note the comment at the beginning of the ``simple'' section
>in rc.firewall, which states:
>:
>: ############
>: # This is a prototype setup for a simple firewall. Configure this machine
>: # as a named server and ntp server, and point all the machines on the inside
>: # at this machine for those services.
>: ############
>:
(your comment rephrased):
>This means that all your <inside hosts> should be configured to
>use <outside nic ip address> as a DNS server,
>but not <ISP DNS ip address>, and this is the 2nd reason
>of failing DNS.
OK. The other stupid thing I forgot to do was to reconfigure the
internal net PCs to use <outside nic ip address> for DNS server,
they were still set up to use <ISP DNS ip address>.
But I must have something wrong with the way I set up named,
because when I made those changes (and rebooted) the PCs can
no longer get out at all. I don't remember the error messages
verbatim, but they had to do with not having a valid DNS server.
I'm not getting any firewall rejects.
I wonder if I can use my <inside nic ip address> instead of my
<outside nic ip address> for DNS since my inside network is
private (RFC1918 type)?
I haven't had a chance to try and track down the named problem
yet, I should work on it more before asking for help.
But if you have any pointers I'm listening!
Once again, thanks much for your help,
Joe
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2.2.32.19990927191625.00926dbc>