From owner-freebsd-questions  Wed Apr  2 12:14:39 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id MAA20908
          for questions-outgoing; Wed, 2 Apr 1997 12:14:39 -0800 (PST)
Received: from Kitten.mcs.com (Kitten.mcs.com [192.160.127.90])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA20893
          for <questions@freebsd.org>; Wed, 2 Apr 1997 12:14:36 -0800 (PST)
Received: from Jupiter.Mcs.Net (ljo@Jupiter.mcs.net [192.160.127.88]) by Kitten.mcs.com (8.8.5/8.8.2) with ESMTP id OAA19693; Wed, 2 Apr 1997 14:14:25 -0600 (CST)
Received: (from ljo@localhost) by Jupiter.Mcs.Net (8.8.5/8.8.2) id OAA00341; Wed, 2 Apr 1997 14:14:25 -0600 (CST)
From: Lars Jonas Olsson <ljo@mcs.net>
Message-Id: <199704022014.OAA00341@Jupiter.Mcs.Net>
Subject: Firewall for internal DNS server?
To: questions@freebsd.org
Date: Wed, 2 Apr 1997 14:14:24 -0600 (CST)
Cc: ljo@mcs.net
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

 I have a FreeBSD machine that's connected to internet and local LAN.
The LAN has IP #s 10.x.x.x. The FreeBSD server runs sendmail, popper,
squid, and named (DNS). The FreeBSD server does not forward packets.

 DNS is setup to be primary for 10.x.x.x and caching for everything
else.

 There is currently no firewall or tcpwrappers etc running on server.
Most services have been disabled and only a few people have login
accounts. Many more have POP accounts with no login shell and no login
directory.

 What's the best way to keep outside people from using the DNS server
on the FreeBSD host? We only want to be able to get mail via pop and
send mail via smtp from outside.

Jonas