From owner-freebsd-ipfw@FreeBSD.ORG Tue Dec 9 06:04:50 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D350B16A4CE for ; Tue, 9 Dec 2003 06:04:50 -0800 (PST) Received: from mail.1wisp.com (uslec-66-255-6-131.cust.uslec.net [66.255.6.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 020B143D1D for ; Tue, 9 Dec 2003 06:04:49 -0800 (PST) (envelope-from tscrum@1wisp.com) Received: from 1wispadmin ([192.168.1.94]) (authenticated) by mail.1wisp.com (8.11.6/8.11.6) with ESMTP id hB9E4X214293; Tue, 9 Dec 2003 09:04:33 -0500 Message-ID: <01aa01c3be5d$5ff20b80$5e01a8c0@1wispadmin> From: "Thomas S. Crum - 1WISP, Inc." To: "Gregory Edigarov" , References: <20031209102312.GB529@profi.kharkov.ua> Date: Tue, 9 Dec 2003 09:04:34 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: ipfw keep-state (ASAP anwser need) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Dec 2003 14:04:50 -0000 If you are using the machine as a bridge, then you must specify the ip address of the inside interface that you are running bind on. Replace "me" with the ip. Best, Tom ----- Original Message ----- From: "Gregory Edigarov" To: Sent: Tuesday, December 09, 2003 5:23 AM Subject: ipfw keep-state (ASAP anwser need) > Hello, > > The folowing is a fragment of my rc.firewall which must > allow all > traffic in and out of my named. > > ---- > ipfw add 4100 allow udp from me to any 53 keep-state > ipfw add 4200 allow udp from any to me 53 > ipfw add 4300 allow udp from me 53 to any > --- > This is a fragment from my kernel configuration: > --- > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > options IPFIREWALL_FORWARD #enable transparent proxy support > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > options IPDIVERT #divert sockets > options IPSTEALTH > options ICMP_BANDLIM > options DUMMYNET > options BRIDGE > options IPFW2 > --- > It doesn't work. What am I missing? > > -- > With best regards, > Gregory Edigarov > -------------------------------------------------------------------------- ---- > profi.kharkov.ua Systems Administrator > -------------------------------------------------------------------------- ---- > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >