Re: DNS Names resolution in ipfw+nat ?

2005-04-07 Thread Eric McCoy
faisal gillani wrote:
> Well, I read a couple of how-to articles on the internet
> regarding setting up an ipfw firewall with NAT to allow
> your private network clients to set up internet access,
> but there is one thing that isn't clear to me, which was not
> present in any of the articles, which is how their
> internal clients are gonna resolve internet host names?

Generally speaking, a program looking to resolve a hostname to an IP 
will first consult /etc/hosts, which is a simple text file you can 
examine or edit as you wish.  If the hostname which needs to be resolved 
isn't present in that file, the program will consult DNS via the 
network.  DNS uses port 53 and it can use either TCP or UDP, though in 
practice a client will never use TCP.  (TCP is used mainly for zone 
transfers and the like, which are server-to-server.)

The rule of thumb for Unix is not to use hostnames in startup scripts, 
because it's possible that DNS will not be available when they are run. 
  It can take over a minute for a DNS query to time out.  Besides, it 
also makes you vulnerable to DNS hijacking.  Instead, use IPs or put an 
entry in /etc/hosts if you must.

Incidentally, the firewall rules to allow DNS would be:

    ipfw add allow tcp from me to any 53 setup keep-state
    ipfw add allow udp from me to any 53 keep-state

As a technical aside, the name resolution path I described above is not 
the way it has to work, just the way it is configured by default.

> will this be autoconfigured?

No, though the above rules should be in the sample ipfw script which 
comes with FreeBSD.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
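
The reply above advises against hostnames in startup scripts. As an added example that is not part of the original thread, this sketch flags ipfw rule lines whose source or destination is a hostname rather than an address; ipfw resolves such names once, when the rule is added. The function names and the sample ruleset are constructed for illustration, and only the common address forms (keywords, tables, IP, IP/prefix, comma lists, `not`) are handled.

```python
import ipaddress

KEYWORDS = {"any", "me", "me6"}  # ipfw address keywords, never looked up in DNS

def is_literal(addr):
    """True when addr needs no DNS lookup: a keyword, an IP, or an IP/prefix."""
    if addr in KEYWORDS:
        return True
    try:
        ipaddress.ip_network(addr, strict=False)
        return True
    except ValueError:
        return False

def hostnames_in_rule(line):
    """Return hostnames used as source/destination in one ipfw rule line."""
    # Drop shell (#) and ipfw (//) comments before tokenizing.
    words = line.split("#", 1)[0].split("//", 1)[0].split()
    found = []
    for i, word in enumerate(words[:-1]):
        if word not in ("from", "to"):
            continue
        j = i + 1
        if words[j] == "not" and j + 1 < len(words):
            j += 1  # "from not addr": the address is one word later
        if words[j].startswith("table("):
            continue  # lookup tables hold addresses, not names
        found += [a for a in words[j].split(",") if not is_literal(a)]
    return found

def audit(ruleset):
    """Map 1-based line number -> hostnames found on that line."""
    report = {}
    for n, line in enumerate(ruleset.splitlines(), 1):
        names = hostnames_in_rule(line)
        if names:
            report[n] = names
    return report

# Constructed sample ruleset; the host names are placeholders.
SAMPLE = """\
ipfw add allow tcp from me to any 53 setup keep-state
ipfw add allow udp from me to any 53 keep-state
ipfw add allow udp from me to ns1.example.net 53 keep-state
ipfw add allow tcp from 192.168.0.0/24 to not mail.example.org,10.0.0.5 25 setup
"""

if __name__ == "__main__":
    for lineno, names in audit(SAMPLE).items():
        print(f"line {lineno}: resolved at load time: {', '.join(names)}")
```

Each flagged name is a candidate for replacement with an IP address or an /etc/hosts entry, as the reply suggests.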


DNS Names resolution in ipfw+nat ?

2005-04-07 Thread faisal gillani
Well, I read a couple of how-to articles on the internet
regarding setting up an ipfw firewall with NAT to allow
your private network clients to set up internet access,
but there is one thing that isn't clear to me, which was not
present in any of the articles, which is how their
internal clients are gonna resolve internet host names?

will this be autoconfigured?

thanks 


*º¤., ¸¸,.¤º*¨¨¨*¤ Allah-hu-Akber*º¤., ¸¸,.¤º*¨¨*¤
God is the Greatest

