In a bit of a bind - DNS problems and ipfw
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Mon Nov 14 15:13:39 GMT 2005
Aaron Siegel <bulk_mail at siegel-tech.net> writes:
> Hello
>
> I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a
> custom firewall (ipfw) or the "Simple" firewall through rc.firewall, my
> clients are unable to resolve DNS, when DNS does work with the "Open" ruleset
> that is provided by rc.firewall. I created the custom firewall a couple of
> years ago and it worked fine under 4.11, but after the upgrade I have not
> been able to get it to work.
>
> I am sure I am doing something stupid but I am not smart enough to solve it at
> the moment.
>
> Thank you
> Aaron Siegel
>
> Custom firewall rules
> #Allow DNS
> $cmd 019 allow tcp from any to any 53 out via $pif
> $cmd 018 allow udp from any to any 53 out via $pif
You need to let the replies back in.
Try keep-state.
> /etc/rc.conf
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="dc0"
>
> ifconfig_dc0="192.168.0.2" #public interface
> ifconfig_fxp0="192.168.245.1 netmask 255.255.255.0" #private interface
>
> /etc/rc.conf
> I have commented out the following lines
> #${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
Why?
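
Added example, not part of the original message: the two DNS rules as posted, beside a stateful variant using the keep-state suggested in the reply. The `check-state` rule, the `setup` keyword on the TCP rule and the dry-run `echo` default are assumptions of this sketch; `$cmd`, `$pif` and `dc0` come from the post, and placement relative to the natd divert rule is not covered.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not loaded.
# On the gateway, run with cmd="ipfw -q add" to load them instead.
cmd="${cmd:-echo ipfw add}"
pif="${pif:-dc0}"    # public interface (natd_interface in the posted rc.conf)

# As posted: only packets going OUT via $pif to destination port 53 match.
# The resolver's answer arrives IN via $pif with SOURCE port 53, so neither
# rule matches it and it falls through to whatever deny rule follows.
dns_stateless() {
    $cmd 018 allow udp from any to any 53 out via "$pif"
    $cmd 019 allow tcp from any to any 53 out via "$pif"
}

# Stateful variant: each query allowed by a keep-state rule installs a
# dynamic rule that matches the same flow in both directions, and
# check-state consults those dynamic rules before the static ones.
# "setup" limits state creation for TCP to the initial SYN.
dns_stateful() {
    $cmd 017 check-state
    $cmd 018 allow udp from any to any 53 out via "$pif" keep-state
    $cmd 019 allow tcp from any to any 53 out via "$pif" setup keep-state
}

# Print (or load) one variant; stateful is the default.
case "${1:-stateful}" in
    stateless) dns_stateless ;;
    *)         dns_stateful ;;
esac
```

After loading, `ipfw -d show` lists the dynamic rules created by DNS queries alongside the static ones.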