Does anyone have any further thoughts on this, or could maybe point me in a direction that could help me solve the problem?

Thanks,
Stephane


On 18-May-05, at 11:08 AM, Stephane Raimbault wrote:


On 18-May-05, at 11:03 AM, Jose Hidalgo wrote:


On Wed, 2005-05-18 at 10:51 -0600, Stephane Raimbault wrote:



I also noticed these errors in my ipfw.log file:

May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:3371 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:2961 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:4701 in via vlan1




As you can see, and according to the ACLs, you have
the problem when 204.9.110.134 is the client of
the DNS queries.

You may need to add

${fwcmd} add pass udp from ${ip2} to any 53 keep-state



Actually... I already had this in another part of my ipfw rules

${fwcmd} add pass udp from ${ip2} to any 53 keep-state


The server itself can also make DNS requests out... however, it still seems that requests (not all) are getting kiboshed by something.




Or you may want to reduce the number of rules with:

${fwcmd} add pass udp from any to any 53 keep-state

--
Jose Hidalgo <[EMAIL PROTECTED]>
Corp. Hostarica S.A.




_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw- [EMAIL PROTECTED]"
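
An added example, not part of the original thread: a small Python parser for ipfw log entries like the ones quoted above. It re-joins entries folded across two lines and counts inbound UDP packets from source port 53 that were denied, grouped by rule number and address pair. The function names and the final TCP entry in the sample are constructed for illustration.

```python
import re
from collections import Counter

# First four entries are from the log quoted above, folded across two lines the
# way mail clients wrap them. The last (TCP) entry is constructed for contrast.
SAMPLE = """\
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
63.252.160.219:53 204.9.110.134:3371 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
63.252.160.219:53 204.9.110.134:1420 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
63.252.160.219:53 204.9.110.134:2961 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
63.252.160.219:53 204.9.110.134:4701 in via vlan1
May 18 06:40:04 enertia1 /kernel: ipfw: 65000 Deny TCP 192.0.2.10:4444 204.9.110.134:22 in via vlan1
"""

ENTRY = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def unwrap(text):
    """Re-join folded entries: a line without 'ipfw:' continues the previous one."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if "ipfw:" in line or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def denied_dns_replies(text):
    """Parsed entries for inbound UDP packets from source port 53 that were denied."""
    hits = []
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if m and (m["action"], m["proto"], m["sport"], m["dir"]) == ("Deny", "UDP", "53", "in"):
            hits.append(m.groupdict())
    return hits

def summarize(text):
    """Count denied replies per (rule number, remote resolver, local client)."""
    return Counter((h["rule"], h["src"], h["dst"]) for h in denied_dns_replies(text))

if __name__ == "__main__":
    for (rule, src, dst), n in summarize(SAMPLE).items():
        print(f"rule {rule}: {n} UDP replies from {src}:53 to {dst} denied")
```

Each hit reached the logged deny rule, so it was not accepted by any earlier pass rule or dynamic state entry; the destination ports in the hits can be compared against the outgoing queries to see which replies were dropped.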


