FW: [Freebsd-security] ipfw + named problem

Remko Lodder remko at elvandar.org
Fri Jan 23 01:54:58 PST 2004 

forgot this addr.

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-----Oorspronkelijk bericht-----
Van: Remko Lodder [mailto:remko at elvandar.org]
Verzonden: vrijdag 23 januari 2004 10:53
Aan: Nick Twaddell
Onderwerp: RE: [Freebsd-security] ipfw + named problem


did you tcpdump the packets so that you can follow his tail and see where
the packets are not routed anymore? perhaps another filter is in place
somewhere?
what does your logging say,
can you log with ipfw ? (i don't know ipfw sorry ;-) )
perhaps you can add more logrules to follow the blocks and these explicit
accepts?

cheers

--

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the
hackerscene

-----Oorspronkelijk bericht-----
Van: freebsd-security-bounces at lists.elvandar.org
[mailto:freebsd-security-bounces at lists.elvandar.org]Namens Nick Twaddell
Verzonden: vrijdag 23 januari 2004 10:47
Aan: security at freebsd.org
Onderwerp: [Freebsd-security] ipfw + named problem


Ok, I am really stumped on this one.  I setup ipfw with all my rules.
Everything works great except for dns.  If I do nslookup I get

-su-2.05b# nslookup yahoo.com
Server:  localhost.webspacesolutions.com
Address:  127.0.0.1

*** localhost.webspacesolutions.com can't find yahoo.com: Non-existent
host/domain

This is what I have in my ipfw.rules

add 00310 allow tcp from any to any 53 out via de0 setup keep-state
add 00311 allow udp from any to any 53 out via de0 keep-state

What am I missing??

Thanks

Nick

_______________________________________________
freebsd-security at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
_______________________________________________
Freebsd-security mailing list
Freebsd-security at lists.elvandar.org
http://lists.elvandar.org/mailman/listinfo/freebsd-security

More information about the freebsd-security mailing list