On 2005-05-10 07:19, Fafa Hafiz Krantz <[EMAIL PROTECTED]> wrote:
> "Giorgos Keramidas" <[EMAIL PROTECTED]> wrote:
> > Show us the output of:
> >
> > # pfctl -sr
> >
> > [snip ruleset]
>
> Hello!
>
> # pfctl -sr
>
> scrub in all fragment reassemble
> block drop log all
> pass quick on lo0 all
>
> The rules I suggested are so that external machines can talk to your DNS
> server (querying about the domain it is authoritative for), and so that
> responses can get back to those machines.
>
> Your nameserver, however, may also be trying to get requests out. When
> it does this, by default, i
- Original Message -
From: "Giorgos Keramidas" <[EMAIL PROTECTED]>
To: "Fafa Hafiz Krantz" <[EMAIL PROTECTED]>, "Jan Grant" <[EMAIL PROTECTED]>
Subject: Re: PF RULES! But mine doesn't ...
Date: Tue, 10 May 2005 13:50:27 +0300
>
On 2005-05-10 05:09, Fafa Hafiz Krantz <[EMAIL PROTECTED]> wrote:
>> It's a question of letting DNS traffic _in_ to your nameserver:
>>
>> pass in on $ext_if inet proto { tcp, udp } \
>> from any to ($ext_if) port 53
>>
>> ^^^ that lets the traffic in
>>
>> pass out on $ext_if inet proto {
On Tue, 10 May 2005, Fafa Hafiz Krantz wrote:
> Ok, after having added that it seems that my DNS works.
> The same goes for my WWW and mail server.
>
> SSH servers are all OK to connect to.
>
> I have to wait like 5 minutes after booting my computer
> before I can connect to those certain FTP si
> It's a question of letting DNS traffic _in_ to your nameserver:
>
> pass in on $ext_if inet proto { tcp, udp } \
> from any to ($ext_if) port 53
>
> ^^^ that lets the traffic in
>
> pass out on $ext_if inet proto { tcp, udp } \
> from ($ext_if) port 53 to any
>
> ^^^ and that
Correction:
Unless I COMMENT the default deny policy nothing seems to work.
--
Fafa Hafiz Krantz
Research Designer @ http://www.home.no/barbershop
Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf
> It's a question of letting DNS traffic _in_ to your nameserver:
>
> pass in on $ext_if inet proto { tcp, udp } \
> from any to ($ext_if) port 53
>
> ^^^ that lets the traffic in
>
> pass out on $ext_if inet proto { tcp, udp } \
> from ($ext_if) port 53 to any
>
> ^^^ and that
Fafa Hafiz Krantz wrote:
Perhaps you should check the archives. :)
What do you mean? There are many archives out there ...
Please tell me which one?
Thanks!
--
Fafa Hafiz Krantz
Research Designer @ http://www.home.no/barbershop
Enlightened @ http://www.home.no/barbershop/smart/sharon.pdf
Did
Fafa Hafiz Krantz wrote:
Hello.
My ruleset is all twisted.
Unless I disable the default deny policy, this is what happens:
* My nameserver setup goes dysfunctional.
* My web, mail and fileserver go dysfunctional.
* I cannot SSH and FTP into certain servers.
* I cannot ping my IP from the outs
On Sun, 8 May 2005, Fafa Hafiz Krantz wrote:
> Hello.
>
> My ruleset is all twisted.
> Unless I disable the default deny policy, this is what happens:
>
> * My nameserver setup goes dysfunctional.
> * My web, mail and fileserver go dysfunctional.
> * I cannot SSH and FTP into certain server
11 matches