From owner-freebsd-questions Sun Sep 26 13:13:49 1999 Delivered-To: freebsd-questions@freebsd.org Received: from mail.rdc1.sfba.home.com (ha1.rdc1.sfba.home.com [24.0.0.66]) by hub.freebsd.org (Postfix) with ESMTP id E18C314C48 for ; Sun, 26 Sep 1999 13:13:47 -0700 (PDT) (envelope-from ibjoe@home.com) Received: from c392156-a.cstvl1.sfba.home.com ([24.1.95.226]) by mail.rdc1.sfba.home.com (InterMail v4.01.01.00 201-229-111) with SMTP id <19990926201347.EWEI8520.mail.rdc1.sfba.home.com@c392156-a.cstvl1.sfba.home.com> for ; Sun, 26 Sep 1999 13:13:47 -0700 Message-Id: <2.2.32.19990926201520.0097ddbc@mail> X-Sender: ibjoe@mail X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sun, 26 Sep 1999 13:15:20 -0700 To: freebsd-questions@FreeBSD.org From: Joe Bo Subject: ipfw, natd and DNS Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, I'm running v3.2 with ipfw and natd on a 2 nic machine as a gateway for a RFC1918 network of windows PCs. I changed the firewall type to "simple", and my internal network could no longer get internet access. of course in rc.firewall I have: $fwcmd add divert natd all from any to any via ${natd_interface} as the first line. The problem was the port 53 was not getting though. when I changed the original lines: # Allow DNS queries out in the world $fwcmd add pass udp from any 53 to ${oip} $fwcmd add pass udp from ${oip} to any 53 to # Allow DNS queries out in the world $fwcmd add pass udp from any 53 to any $fwcmd add pass udp from any to any 53 then it worked. Someone told me it was because I didn't have named running, so I added and configured that, it is correct I think. but I still have to have the more open port 53 lines in rc.firewall. Can anyone tell me, am I doing something wrong or ??? Thanks to all who can respond, Joe P.S. I apologize in advance if this has already been discussed, if you point me at the thread I will check it out. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message