ipfw and DNS
Michal Kapalka
kapalka at mfn.sk
Sun Sep 7 14:15:21 CEST 2003
Hello Frankus,
Saturday, September 6, 2003, 5:45:43 PM, you wrote:
F> Hello!
F> I have a problem with ipfw on the router. On the workstations I can't
F> resolve any record, even though the internet works. The problem probably
F> concerns the last two lines; in any case I don't know what changes I
F> should make so that replies from the DNS server reach the clients :( On
F> the router everything works without problems...
F> ipfw show
F> 00100 0 0 allow ip from any to any via lo0
F> 00200 0 0 deny ip from any to 127.0.0.0/8
F> 00300 0 0 deny ip from 192.168.16.0/24 to any in via de0
F> 00400 0 0 deny ip from 62.245.80.0/24 to any in via xl0
F> 00500 3 235 divert 8668 ip from any to any via de0
F> 00600 0 0 deny ip from 10.0.0.0/8 to any via de0
F> 00700 0 0 deny ip from 172.16.0.0/12 to any via de0
F> 00800 0 0 deny ip from 192.168.0.0/16 to any via de0
F> 00900 0 0 deny ip from 0.0.0.0/8 to any via de0
F> 01000 0 0 deny ip from 169.254.0.0/16 to any via de0
F> 01100 0 0 deny ip from 192.0.2.0/24 to any via de0
F> 01200 0 0 deny ip from 224.0.0.0/4 to any via de0
F> 01300 0 0 deny ip from 240.0.0.0/4 to any via de0
F> 01400 71 5810 allow tcp from any to any established
F> 01500 0 0 allow ip from any to any frag
F> 01600 0 0 allow tcp from any to 62.245.80.XX dst-port 22 setup
F> 01700 0 0 deny log tcp from any to any in via de0 setup
F> 01800 0 0 allow tcp from any to any setup
F> *01900 0 0 allow udp from 62.245.80.XX to any dst-port 53 keep-state
F> 02000 0 0 allow udp from 62.245.80.XX 53 to any*
F> 65535 847 105265 deny ip from any to any
dns1="IP1"
dns2="IP2"
${fwcmd} add pass udp from any to ${dns1} 53
${fwcmd} add pass udp from any to ${dns2} 53
${fwcmd} add pass udp from ${dns1} 53 to any
${fwcmd} add pass udp from ${dns2} 53 to any
Of course, you can further adjust this rule for the individual IP1-->IPn
--
Best regards,
Michal mailto:kapalka at mfn.sk
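
A simplified first-match model of the posted ruleset, added here as an illustration and not part of either message: it evaluates a LAN client's DNS query and the server's answer on xl0, first against the rules as posted and then with the reply's rules added. The client address, the DNS server address standing in for IP1, and the rule numbers 02100/02200 are constructed.

```python
import ipaddress

# Rules from the posted `ipfw show`, counters dropped. Omitted: 00600-01300 (de0
# only) and the TCP rules 01400, 01600-01800. 62.245.80.XX is elided on the page.
POSTED = """\
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 192.168.16.0/24 to any in via de0
00400 deny ip from 62.245.80.0/24 to any in via xl0
00500 divert 8668 ip from any to any via de0
01500 allow ip from any to any frag
01900 allow udp from 62.245.80.XX to any dst-port 53 keep-state
02000 allow udp from 62.245.80.XX 53 to any
65535 deny ip from any to any"""
DNS = "198.51.100.53"  # constructed stand-in for IP1 in the reply
# The reply's first and third rules; the numbers 02100/02200 are assumed.
FIXED = "\n".join(sorted(POSTED.splitlines() + [
    f"02100 allow udp from any to {DNS} dst-port 53",
    f"02200 allow udp from {DNS} 53 to any"]))
# Constructed packets on the LAN interface: client query in, server answer out.
QUERY = dict(proto="udp", src="192.168.16.20", sport=40000, dst=DNS, dport=53, iface="xl0", dir="in")
ANSWER = dict(proto="udp", src=DNS, sport=53, dst="192.168.16.20", dport=40000, iface="xl0", dir="out")

def addr_ok(spec, ip):
    if "/" in spec:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
    return spec in ("any", ip)  # the elided 62.245.80.XX token matches nothing

def matches(rule, p):
    t = rule.split()
    f, to = t.index("from"), t.index("to")
    sport = t[f + 2] if to > f + 2 else None      # "from ADDR PORT to ..."
    rest = t[to + 2:]                             # everything after the dst address
    dport = rest[1] if rest[:1] == ["dst-port"] else None
    via = rest[rest.index("via") + 1] if "via" in rest else None
    return (t[f - 1] in ("ip", p["proto"])
            and addr_ok(t[f + 1], p["src"]) and addr_ok(t[to + 1], p["dst"])
            and sport in (None, str(p["sport"])) and dport in (None, str(p["dport"]))
            and via in (None, p["iface"])
            and ("in" not in rest or p["dir"] == "in")
            and not {"established", "setup", "frag"} & set(rest))  # packets are plain UDP

def verdict(ruleset, p):
    """First match wins, as in ipfw; divert is skipped (NAT is not modelled)."""
    for rule in ruleset.splitlines():
        num, action = rule.split()[:2]
        if action in ("allow", "deny") and matches(rule, p):
            return num, action
```

Rule 02200 is stateless: it matches any UDP packet with the server's address and source port 53, whether or not a client sent a query.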