Date:      Tue, 19 Mar 2002 18:44:35 +0100
From:      Francesco Casadei <fcasadei@inwind.it>
To:        "Clark C . Evans" <cce@clarkevans.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw / tinydns settings
Message-ID:  <20020319184435.A4231@goku.kasby>
In-Reply-To: <20020318212513.A27453@doublegemini.com>; from cce@clarkevans.com on Mon, Mar 18, 2002 at 09:25:13PM -0500
References:  <20020318212513.A27453@doublegemini.com>


On Mon, Mar 18, 2002 at 09:25:13PM -0500, Clark C . Evans wrote:
> Hello.  I'm running tinydns on a box with ipfw,
> what incantation do I need to allow dns queries
> to the box?  I have...
>
> add pass all from any to any via lo0
> add pass udp from any to me 53 keep-state
> add pass udp from me to any 53
>
> Anyway, I read the ipfw manual but I don't
> quite grok what's going on; it looks like
> the queries are making their way in, but
> the response from tinydns is being blocked.
> As soon as I put "add pass udp from any to any"
> it works... but I did this just to make sure
> that it is a ipfw issue.
>
> Thanks!
>
> Clark
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
> end of the original message

To allow incoming/outgoing DNS queries I have the following rules in the
firewall ruleset file:

/sbin/ipfw add check-state
/sbin/ipfw add allow udp from any to ${oip} 53 in recv ${oif} keep-state
/sbin/ipfw add allow udp from ${oip} to any 53 out xmit ${oif} keep-state

${oip} and ${oif} are respectively the IP address and the name of the output
network interface.

	Francesco Casadei
-- 
You can download my public key from http://digilander.iol.it/fcasadei/
or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...)

Key fingerprint is: 1671 9A23 ACB4 520A E7EE  00B0 7EC3 375F 164E B17B
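
Added example, not part of the original message: a simplified Python model of how ipfw evaluates the check-state / keep-state rules from the reply, showing that the tinydns reply is passed only because it belongs to a flow recorded by keep-state. The addresses, the interface name and the default-deny final rule are assumptions, and dynamic-rule timeouts are not modelled.

```python
# Simplified model of ipfw first-match evaluation for the three rules above.
# OIP, OIF and CLIENT are constructed placeholder values, not from the message.
OIP, OIF, CLIENT = "192.0.2.1", "fxp0", "198.51.100.7"

# (action, src, dst, dport, direction, iface, keep_state); None means "any"
STATEFUL = [
    ("check-state",),
    ("allow", None, OIP, 53, "in", OIF, True),
    ("allow", OIP, None, 53, "out", OIF, True),
]
# Same rules without check-state / keep-state, for comparison.
STATELESS = [r[:6] + (False,) for r in STATEFUL if r[0] != "check-state"]

def flow_key(p):
    """Direction-independent key: a dynamic rule matches both directions."""
    return frozenset([(p["src"], p["sport"]), (p["dst"], p["dport"])])

def matches(rule, p):
    _, src, dst, dport, direction, iface, _ = rule
    want = {"src": src, "dst": dst, "dport": dport, "dir": direction, "if": iface}
    return all(v is None or p[k] == v for k, v in want.items())

def evaluate(p, rules, state):
    """Return 'allow' or 'deny' for one UDP packet; state holds dynamic rules."""
    for rule in rules:
        if rule[0] == "check-state":
            if flow_key(p) in state:
                return "allow"            # packet belongs to a known flow
        elif matches(rule, p):
            if rule[6]:
                state.add(flow_key(p))    # keep-state installs a dynamic rule
            return rule[0]
    return "deny"                         # assumed default rule: deny all

def pkt(src, sport, dst, dport, direction):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "dir": direction, "if": OIF}

def dns_exchange(rules):
    """Verdicts for: inbound query, tinydns reply, unsolicited outbound packet."""
    state = set()
    packets = [
        pkt(CLIENT, 40000, OIP, 53, "in"),          # query to tinydns
        pkt(OIP, 53, CLIENT, 40000, "out"),         # reply on the same flow
        pkt(OIP, 53, "203.0.113.9", 40000, "out"),  # no matching query
    ]
    return [evaluate(p, rules, state) for p in packets]

if __name__ == "__main__":
    print("stateful: ", dns_exchange(STATEFUL))
    print("stateless:", dns_exchange(STATELESS))
```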

