Date: Tue, 19 Mar 2002 18:44:35 +0100
From: Francesco Casadei <fcasadei@inwind.it>
To: "Clark C . Evans" <cce@clarkevans.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw / tinydns settings
Message-ID: <20020319184435.A4231@goku.kasby>
In-Reply-To: <20020318212513.A27453@doublegemini.com>; from cce@clarkevans.com on Mon, Mar 18, 2002 at 09:25:13PM -0500
References: <20020318212513.A27453@doublegemini.com>

On Mon, Mar 18, 2002 at 09:25:13PM -0500, Clark C . Evans wrote:
> Hello.  I'm running tinydns on a box with ipfw,
> what incantation do I need to allow dns queries
> to the box?  I have...
>
>   add pass all from any to any via lo0
>   add pass udp from any to me 53 keep-state
>   add pass udp from me to any 53
>
> Anyway, I read the ipfw manual but I don't
> quite grok what's going on; it looks like
> the queries are making their way in, but
> the response from tinydns is being blocked.
> As soon as I put "add pass udp from any to any"
> it works... but I did this just to make sure
> that it is an ipfw issue.
>
> Thanks!
>
> Clark

To allow incoming/outgoing DNS queries I have the following rules in the
firewall ruleset file:

    /sbin/ipfw add check-state
    /sbin/ipfw add allow udp from any to ${oip} 53 in recv ${oif} keep-state
    /sbin/ipfw add allow udp from ${oip} to any 53 out xmit ${oif} keep-state

${oip} and ${oif} are respectively the IP address and the name of the output
network interface.

	Francesco Casadei

-- 
You can download my public key from http://digilander.iol.it/fcasadei/
or retrieve it from a keyserver (pgpkeys.mit.edu, wwwkeys.pgp.net, ...)
Key fingerprint is: 1671 9A23 ACB4 520A E7EE 00B0 7EC3 375F 164E B17B
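
Added example, not part of the original message and not ipfw's own code: a simplified Python model of how the check-state and keep-state rules in the reply treat DNS traffic in both directions. It ignores state timeouts and assumes the ruleset ends in a default deny; the addresses, the interface name fxp0 and all helper names are constructed for illustration.

```python
from collections import namedtuple

# Simplified model of ipfw check-state / keep-state (illustrative only).
Packet = namedtuple("Packet", "direction iface proto src sport dst dport")

OIP, OIF = "192.0.2.10", "fxp0"  # constructed stand-ins for ${oip} and ${oif}


def flow_key(p):
    # A dynamic rule matches the same address/port pair in either direction.
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))


def rule_in(p):   # allow udp from any to ${oip} 53 in recv ${oif} keep-state
    return (p.proto, p.dst, p.dport, p.direction, p.iface) == ("udp", OIP, 53, "in", OIF)


def rule_out(p):  # allow udp from ${oip} to any 53 out xmit ${oif} keep-state
    return (p.proto, p.src, p.dport, p.direction, p.iface) == ("udp", OIP, 53, "out", OIF)


def evaluate(packets):
    """Return one verdict per packet, walking the three rules in order."""
    states, verdicts = set(), []
    for p in packets:
        if flow_key(p) in states:          # check-state: known flow
            verdicts.append("allow (check-state)")
        elif rule_in(p) or rule_out(p):    # static match installs a dynamic rule
            states.add(flow_key(p))
            verdicts.append("allow (keep-state)")
        else:                              # assumed default-deny final rule
            verdicts.append("deny")
    return verdicts


# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Packet("in", OIF, "udp", "198.51.100.7", 40000, OIP, 53),   # query to tinydns
    Packet("out", OIF, "udp", OIP, 53, "198.51.100.7", 40000),  # tinydns reply
    Packet("out", OIF, "udp", OIP, 50000, "203.0.113.53", 53),  # our own lookup
    Packet("in", OIF, "udp", "203.0.113.53", 53, OIP, 50000),   # answer to it
    Packet("in", OIF, "udp", "203.0.113.99", 53, OIP, 50001),   # no matching state
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{verdict:20} {pkt}")
```

In this model the tinydns reply is passed only because the inbound query left a dynamic rule behind; the last packet has source port 53 but no recorded flow, so it falls through to the deny.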