On 2/27/06, Erik Nørgaard <[EMAIL PROTECTED]> wrote:
> Could you change your last rule to this:
>
> block in log quick on xl0 all
>
> and then tell what you see in the log. This would give some information
> if any traffic is blocked in the first place. Actually, adding the log
> keyword to all rules for the xl0 interface might be a good idea for
> debugging.
>
> Also, is this the complete ruleset or did you remove rules you thought
> were irrelevant? If so, then post the whole ruleset.
Thank you. I removed 'flags' as it was suggested by Giorgos Keramidas, but it didn't help. This is not the complete ruleset, I mean there are a lot of other rules, but I removed everything to be sure and left only outgoing 53/udp, 53/tcp. Once again, I checked this ruleset on 5.3-STABLE with ipf v3.4.35 (336) and it worked well.

Adding the 'log' keyword produced the following record:

xl0 @0:2 b XXX.XXX.XXX.XXX,53 -> YYY.YYY.YYY.YYY,60808 PR udp len 20 298 IN bad

where XXX is the IP address of the ISP's DNS server, and YYY is the server I'm running ipf on. There was a hit on a rule allowing outgoing 53/udp and it seems like the response from the DNS server was blocked. The outgoing port number returned by YYY is always changing; on a second run it was 51212. Of course I can allow incoming connections to ports > 1024, but I really would like to understand why it was working with ipf v3.4.35 and not with v4.1.8.

Once again, thank you all for your help.
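As an added example that is not part of the thread: a small parser for ipmon-style log lines like the one quoted above, used to pick out blocked inbound packets coming from a known resolver's port 53, i.e. the dropped DNS replies to the server's own queries. The field layout is assumed from the single quoted line, and the addresses and sample lines are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Assumed ipmon-style layout, reconstructed from the line quoted in the message:
#   <if> @<group>:<rule> <b|p> <src>,<sport> -> <dst>,<dport> PR <proto> len <hlen> <plen> <IN|OUT> [flags]
LOG_RE = re.compile(
    r"^(?P<iface>\S+)\s+@(?P<group>\d+):(?P<rule>\d+)\s+(?P<action>[bp])\s+"
    r"(?P<src>[^,\s]+),(?P<sport>\d+)\s+->\s+(?P<dst>[^,\s]+),(?P<dport>\d+)\s+"
    r"PR\s+(?P<proto>\S+)\s+len\s+(?P<hlen>\d+)\s+(?P<plen>\d+)\s+(?P<dir>IN|OUT)"
    r"(?:\s+(?P<flags>.*))?$"
)

@dataclass
class IpfLogEntry:
    iface: str
    group: int
    rule: int
    blocked: bool      # True for action 'b', False for 'p'
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    direction: str     # "IN" or "OUT"
    flags: str         # trailing flag text such as "bad", or "" if none

def parse_line(line: str) -> Optional[IpfLogEntry]:
    """Parse one log line; return None for lines that do not match the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return IpfLogEntry(iface=m["iface"], group=int(m["group"]), rule=int(m["rule"]),
                       blocked=m["action"] == "b", src=m["src"], sport=int(m["sport"]),
                       dst=m["dst"], dport=int(m["dport"]), proto=m["proto"],
                       direction=m["dir"], flags=m["flags"] or "")

def blocked_dns_replies(lines: Iterable[str], resolvers: Set[str]) -> List[IpfLogEntry]:
    """Blocked inbound packets from port 53 of a configured resolver: the replies
    to our own queries that a stateless ruleset drops (the symptom in the thread)."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e and e.blocked and e.direction == "IN" and e.sport == 53 and e.src in resolvers:
            hits.append(e)
    return hits

# Constructed sample lines modelled on the quoted record; 192.0.2.53 stands in for the ISP
# resolver (XXX) and 198.51.100.7 for the firewalled server (YYY). Both are placeholders.
SAMPLE = [
    "xl0 @0:2 b 192.0.2.53,53 -> 198.51.100.7,60808 PR udp len 20 298 IN bad",
    "xl0 @0:2 b 192.0.2.53,53 -> 198.51.100.7,51212 PR udp len 20 301 IN",
    "xl0 @0:1 p 198.51.100.7,60808 -> 192.0.2.53,53 PR udp len 20 61 OUT",
    "xl0 @0:2 b 203.0.113.9,4444 -> 198.51.100.7,22 PR tcp len 20 60 IN",
]
```

Running `blocked_dns_replies(SAMPLE, {"192.0.2.53"})` returns the two blocked replies (to ephemeral ports 60808 and 51212) and ignores the unrelated blocked SSH attempt and the passed outbound query.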
