> It's a question of letting DNS traffic _in_ to your nameserver:
>
> pass in on $ext_if inet proto { tcp, udp } \
>       from any to ($ext_if) port 53
> 
> ^^^ that lets the traffic in....
> 
> pass out on $ext_if inet proto { tcp, udp } \
>       from ($ext_if) port 53 to any
> 
> ^^^ and that lets it back out.

Ok, after having added that it seems that my DNS works.
The same goes for my WWW and mail server.

SSH servers are all OK to connect to.

I have to wait like 5 minutes after booting my computer
before I can connect to those certain FTP sites. What's
that all about?

> If you add the "query-source address * port 53;" to your named.conf
> "options" section, that'll suffice; additionally, since your DNS query
> source port is then predictable, you can drop it from the DNS and NTP
> rule.

What do you mean by that?

Anyway, it's pretty close to perfection now :)

Jan, any idea how I can simplify my ruleset?
Also, I'm wondering if I can move the NAT part down below the Outgoing
so I can combine it with the Active FTP ruleset so they don't have to be
spread throughout the conf. Thanks!

--

Fafa Hafiz Krantz
  Research Designer @ http://www.home.no/barbershop
  Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf
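As an added editorial example (not from the original poster or from the quoted reply), here are the rules quoted above and the NAT/active-FTP pieces pulled together into one pf.conf for the pf shipped with FreeBSD of this generation. Interface names, the LAN network, the ftp-proxy port and the `proxy` user are assumptions. Two points it illustrates: this version of pf requires translation rules (nat, rdr) to precede every filter rule, so the NAT block cannot be moved below the outgoing rules, but macros and comments let the FTP-related pieces be read together; and with `keep state` on the pass rules, replies to named's outgoing queries are matched by the state entry, so the filter needs no knowledge of the query source port. That is also what the quoted remark means: pinning `query-source` to port 53 makes the source port predictable so a port-range match can be dropped from the DNS rule, but a fixed source port also makes forged replies easier to land, so relying on state instead is the safer choice.

```pf
# Added example: consolidated /etc/pf.conf for a host running named, WWW,
# mail and SSH, with a NATed LAN behind it using active-mode FTP.
# Interface names, LAN network and the ftp-proxy port are assumptions.
ext_if  = "fxp0"
int_if  = "xl0"
lan_net = "192.168.1.0/24"
tcp_services = "{ ssh, smtp, domain, http }"

scrub in all

# Translation rules must precede all filter rules in this pf, so the NAT
# block stays up here even though the FTP filter rules it pairs with sit below.
nat on $ext_if from $lan_net to any -> ($ext_if)

# Active FTP from the LAN: redirect the control connection to ftp-proxy(8),
# assumed to run from inetd on 127.0.0.1 port 8021 as user "proxy".
rdr on $int_if proto tcp from $lan_net to any port ftp -> 127.0.0.1 port 8021

# Default deny, loopback open.
block in log all
pass quick on lo0 all

# Everything this host originates may leave; the state entry brings the
# reply back, which covers named's outgoing lookups whatever source port
# they use (no query-source pin needed).
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA keep state
pass out on $ext_if inet proto { udp, icmp } from ($ext_if) to any keep state

# Services offered to the world. State tracking carries the replies back out,
# so the separate "pass out ... port 53" rule from the quoted reply is not needed.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services \
    flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port domain keep state

# Active FTP data channel: the remote server connects back from ftp-data (20)
# to ftp-proxy, which owns the socket as user "proxy".
pass in on $ext_if inet proto tcp from any port ftp-data to ($ext_if) \
    user proxy flags S/SA keep state

# LAN side.
pass in  on $int_if from $lan_net to any keep state
pass out on $int_if from any to $lan_net keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; pfctl rejects a nat or rdr rule that appears after a filter rule, which is the direct answer to whether the NAT block can be moved below the outgoing rules.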


_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions