PF RULES! But mine doesn't ...

Fafa Hafiz Krantz fteg at london.com
Tue May 10 03:23:50 PDT 2005


> It's a question of letting DNS traffic _in_ to your nameserver:
>
> pass in on $ext_if inet proto { tcp, udp } \
> 	from any to ($ext_if) port 53
> 
> ^^^ that lets the traffic in....
> 
> pass out on $ext_if inet proto { tcp, udp } \
> 	from ($ext_if) port 53 to any
> 
> ^^^ and that lets it back out.

Ok, after having added that it seems that my DNS works.
The same goes for my WWW and mail server.

SSH servers are all OK to connect to.

I have to wait like 5 minutes after booting my computer
before I can connect to those certain FTP sites. What's
that all about?

> If you add the "query-source address * port 53;" to your named.conf
> "options" section, that'll suffice; additionally, since your DNS query
> source port is then predictable, you can drop it from the DNS and NTP
> rule.

What do you mean by that?

Anyway, it's pretty close to perfection now :)

Jan, any idea how I can simplify my ruleset?
Also, I'm wondering if I can move the NAT part down below the Outgoing
so I can combine it with the Active FTP ruleset so they don't have to be
spread throughout the conf. Thanks!

--

Fafa Hafiz Krantz
  Research Designer @ http://www.home.no/barbershop
  Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf
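Since the quoted reply gives the DNS in/out pair and the named.conf tweak in two pieces, here is the shape of the rules as one consolidated pf.conf fragment, in the syntax of the pf that shipped with FreeBSD 5.x. This is an added editorial example, not a ruleset posted by anyone in the thread; the interface name, addresses and the inner network are assumptions. Two points a practitioner would want to know: pf.conf of this era requires sections in a fixed order (options, normalization, queueing, translation, filter), so `nat`/`rdr` rules cannot simply be moved below the `pass` rules; and pinning the resolver's query source to port 53 as the reply suggests makes the source port predictable, which later (after the 2008 cache-poisoning work) became something resolver operators deliberately avoid by randomizing the source port instead.

```pf
# Added example, not from the original thread. Macro values are assumptions.
ext_if  = "fxp0"              # assumed external interface
int_net = "192.168.1.0/24"    # assumed inner network behind NAT

scrub in all

# Translation section: pf.conf requires it before any filter rule,
# so the NAT rule cannot be grouped with the FTP filter rules below.
nat on $ext_if from $int_net to any -> ($ext_if)

block in log all
block out log all
pass quick on lo0 all

# Inbound DNS service on the nameserver. "keep state" creates a state
# entry, so the replies leave without a separate "pass out" rule.
pass in on $ext_if inet proto { tcp, udp } \
    from any to ($ext_if) port 53 keep state

# Outbound queries the nameserver itself sends. With
#   options { query-source address * port 53; };
# in named.conf the source port is fixed, so it can be matched here.
pass out on $ext_if inet proto { tcp, udp } \
    from ($ext_if) port 53 to any port 53 keep state

# NTP, same shape: fixed source port, stateful
pass out on $ext_if inet proto udp \
    from ($ext_if) port 123 to any port 123 keep state

# Active-mode FTP: the server opens the data connection back from port 20
pass out on $ext_if inet proto tcp from ($ext_if) to any port 21 keep state
pass in  on $ext_if inet proto tcp \
    from any port 20 to ($ext_if) port > 1023 keep state
```

Check a ruleset without loading it with `pfctl -nf /etc/pf.conf`; it reports an out-of-order `nat` rule as a parse error rather than silently accepting it. Dropping the "keep state" keywords would bring back the need for the explicit reverse-direction rules quoted above.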






More information about the freebsd-questions mailing list