From: "Dan O'Connor"
To: "Gabriel Ambuehl"
Subject: Re: ipfw documentations, FAQs, tutorials?
Date: Mon, 15 May 2000 20:53:13 -0700

>That's basically what I did as well (adapted to the daemons I need of
>course) but for some reason no daemons are accessible from my NT
>desktop. If I change the profile back to OPEN, everything works as it
>should, so it HAS to be an ipfw issue.

Please post your /etc/rc.firewall file so we can see what's going on...

>BTW: Is
>$fwcmd add pass udp from any 53 to any
>
>not a security risk? Doesn't it allow one to connect from port 53 to
>every port on the machine or did I understand something completely
>wrong?

No, it allows for port redirection. If you close it off, no computer behind the firewall can get DNS services (or receive a response)... Maybe there's a more secure way, but I can't find one that works...

--Dan

--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com
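
Added example, not part of the original message or of FreeBSD's rc.firewall: the rule asked about in the thread matches on source port 53 alone, so the script below prints it beside a stateless version narrowed to one resolver and a stateful version that only passes replies to queries actually sent. It assumes an ipfw with dynamic-rule support (check-state / keep-state); the resolver address 192.0.2.53 and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: DNS rules for an rc.firewall-style script.
# Dry run by default: rules are printed, not installed.
# Set fwcmd="/sbin/ipfw -q" to apply them on a host running ipfw.
fwcmd="${fwcmd:-echo ipfw}"

# Constructed placeholder (assumption): the resolver your hosts query.
resolver="${resolver:-192.0.2.53}"

# Rule quoted in the thread. It passes any UDP datagram whose source
# port is 53, from any address, to any destination address and port.
dns_rules_thread() {
    $fwcmd add pass udp from any 53 to any
}

# Stateless, narrowed: queries go only to the known resolver and
# replies are accepted only from that address. The reply rule still
# trusts the claimed source address and port of each datagram.
dns_rules_stateless() {
    $fwcmd add pass udp from any to "$resolver" 53
    $fwcmd add pass udp from "$resolver" 53 to any
}

# Stateful: the outbound query creates a dynamic rule, and check-state
# passes only datagrams matching an existing dynamic rule (same
# addresses and ports, reversed). No standing "from any 53" rule.
# check-state must come before any rule that would deny the reply.
dns_rules_stateful() {
    $fwcmd add check-state
    $fwcmd add pass udp from any to "$resolver" 53 keep-state
}

# Print the stateful variant when the script is run directly.
dns_rules_stateful
```

On a live host, `ipfw -d show` lists the dynamic rules created by keep-state alongside the static ones.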