Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Fafa Hafiz Krantz
It's a question of letting DNS traffic _in_ to your nameserver:

    pass in on $ext_if inet proto { tcp, udp } \
        from any to ($ext_if) port 53
    ^^^ that lets the traffic in

    pass out on $ext_if inet proto { tcp, udp } \
        from ($ext_if) port 53 to any
    ^^^ and that lets it

Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Fafa Hafiz Krantz
Correction: Unless I COMMENT the default deny policy nothing seems to work. -- Fafa Hafiz Krantz Research Designer @ http://www.home.no/barbershop Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf

Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Fafa Hafiz Krantz
It's a question of letting DNS traffic _in_ to your nameserver:

    pass in on $ext_if inet proto { tcp, udp } \
        from any to ($ext_if) port 53
    ^^^ that lets the traffic in

    pass out on $ext_if inet proto { tcp, udp } \
        from ($ext_if) port 53 to any
    ^^^ and that lets it

Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Jan Grant
On Tue, 10 May 2005, Fafa Hafiz Krantz wrote: Ok, after having added that it seems that my DNS works. The same goes for my WWW and mail server. SSH servers are all OK to connect to. I have to wait like 5 minutes after booting my computer before I can connect to those certain FTP sites.

Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Giorgos Keramidas
On 2005-05-10 05:09, Fafa Hafiz Krantz [EMAIL PROTECTED] wrote:
It's a question of letting DNS traffic _in_ to your nameserver:

    pass in on $ext_if inet proto { tcp, udp } \
        from any to ($ext_if) port 53
    ^^^ that lets the traffic in

    pass out on $ext_if inet proto { tcp, udp } \

Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Fafa Hafiz Krantz
- Original Message - From: Giorgos Keramidas [EMAIL PROTECTED] To: Fafa Hafiz Krantz [EMAIL PROTECTED], Jan Grant [EMAIL PROTECTED] Subject: Re: PF RULES! But mine doesn't ... Date: Tue, 10 May 2005 13:50:27 +0300 On 2005-05-10 05:09, Fafa Hafiz Krantz [EMAIL PROTECTED] wrote: It's

Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Fafa Hafiz Krantz
The rules I suggested are so that external machines can talk to your DNS server (querying about the domain it is authoritative for), and so that responses can get back to those machines. Your nameserver, however, may also be trying to get requests out. When it does this, by default, it

Re: PF RULES! But mine doesn't ...

2005-05-10 Thread Giorgos Keramidas
On 2005-05-10 07:19, Fafa Hafiz Krantz [EMAIL PROTECTED] wrote:
Giorgos Keramidas [EMAIL PROTECTED] wrote:
Show us the output of: # pfctl -sr
[snip ruleset]
Hello!

    # pfctl -sr
    scrub in all fragment reassemble
    block drop log all
    pass quick on lo0 all
    pass quick on ep0 all

Re: PF RULES! But mine doesn't ...

2005-05-08 Thread Jan Grant
On Sun, 8 May 2005, Fafa Hafiz Krantz wrote:
Hello. My ruleset is all twisted. Unless I disable the default deny policy, this is what happens:
* My nameserver setup goes dysfunctional.
* My web, mail and fileserver goes dysfunctional.
* I cannot SSH and FTP into certain servers.
*

Re: PF RULES! But mine doesn't ...

2005-05-08 Thread Robert Marella
Fafa Hafiz Krantz wrote:
Hello. My ruleset is all twisted. Unless I disable the default deny policy, this is what happens:
* My nameserver setup goes dysfunctional.
* My web, mail and fileserver goes dysfunctional.
* I cannot SSH and FTP into certain servers.
* I cannot ping my IP from the

Re: PF RULES! But mine doesn't ...

2005-05-08 Thread Robert Marella
Fafa Hafiz Krantz wrote: Perhaps you should check the archives. :) What do you mean? There are many archives out there ... Please tell me which one? Thanks! -- Fafa Hafiz Krantz Research Designer @ http://www.home.no/barbershop Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf Did