Date: Tue, 9 Dec 2003 09:04:34 -0500 From: "Thomas S. Crum - 1WISP, Inc." <tscrum@1wisp.com> To: "Gregory Edigarov" <greg@profi.kharkov.ua>, <freebsd-ipfw@freebsd.org> Subject: Re: ipfw keep-state (ASAP anwser need) Message-ID: <01aa01c3be5d$5ff20b80$5e01a8c0@1wispadmin> References: <20031209102312.GB529@profi.kharkov.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
If you are using the machine as a bridge, then you must specify the ip address of the inside interface that you are running bind on. Replace "me" with the ip. Best, Tom ----- Original Message ----- From: "Gregory Edigarov" <greg@profi.kharkov.ua> To: <freebsd-ipfw@freebsd.org> Sent: Tuesday, December 09, 2003 5:23 AM Subject: ipfw keep-state (ASAP anwser need) > Hello, > > The folowing is a fragment of my rc.firewall which must > allow all > traffic in and out of my named. > > ---- > ipfw add 4100 allow udp from me to any 53 keep-state > ipfw add 4200 allow udp from any to me 53 > ipfw add 4300 allow udp from me 53 to any > --- > This is a fragment from my kernel configuration: > --- > options IPFIREWALL #firewall > options IPFIREWALL_VERBOSE #enable logging to syslogd(8) > options IPFIREWALL_FORWARD #enable transparent proxy support > options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity > options IPDIVERT #divert sockets > options IPSTEALTH > options ICMP_BANDLIM > options DUMMYNET > options BRIDGE > options IPFW2 > --- > It doesn't work. What am I missing? > > -- > With best regards, > Gregory Edigarov > -------------------------------------------------------------------------- ---- > profi.kharkov.ua Systems Administrator > -------------------------------------------------------------------------- ---- > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01aa01c3be5d$5ff20b80$5e01a8c0>