From owner-freebsd-questions Tue May 16 6:31:48 2000 Delivered-To: freebsd-questions@freebsd.org Received: from alpha.root-servers.ch (alpha.root-servers.ch [195.49.62.125]) by hub.freebsd.org (Postfix) with SMTP id 500D637B6F0 for ; Tue, 16 May 2000 06:31:43 -0700 (PDT) (envelope-from gabriel_ambuehl-fbquestions@buz.ch) Received: (qmail 32343 invoked from network); 16 May 2000 13:33:39 -0000 Received: from unknown (HELO ATHLON-550) (62.2.99.59) by ns1.root-servers.ch with SMTP; 16 May 2000 13:33:39 -0000 Date: Tue, 16 May 2000 15:32:20 +0200 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.42 Beta/19) UNREG / CD5BF9353B3B7091 Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <401891529.20000516153220@buz.ch> To: freebsd-questions@freebsd.org Subject: Re[2]: ipfw documentations, FAQs, tutorials? In-reply-To: <01d201bfbeea$42c51460$0200000a@danco> References: <01d201bfbeea$42c51460$0200000a@danco> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello Dan, Tuesday, May 16, 2000, 5:53:13 AM, you wrote: >>That's basically what I did as well (adapted to the daemons I need of >>course) but for some reasons no daemons are accessible from my NT >>desktop. If I change the profile back to OPEN, everything works as it >>should, so it HAS to be an ipfw issue. > Please post your /etc/rc.firewall file so we can see what's going on... Already done. Check <210913272.20000515194932@buz.ch>, Subject: ipfw: HTTP(S) is working but everything else doesn't... >>not a security risk? Doesn't it allow one to connect from port 53 to >>every port on the machine or did I understood something completely >>wrong? > No, it allows for port redirection. If you close it off, no computer behind > the firewall can get DNS services (or receive a response)...Maybe there's a > more secure way, but I can't find one that works... A DNS is running on the bastion host itself... Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message