IPF firewalling

From: Kövesdán Gábor (gabor.kovesdan_at_freemail.hu)
Date: 01/16/05

Next message: Chris: "Re: Set up of Wireless on laptop"

Previous message: Miguel Mendez: "Re: Samba3/CUPS printing"
Next in thread: Erik Norgaard: "Re: IPF firewalling"
Reply: Erik Norgaard: "Re: IPF firewalling"
Reply: Alvaro J. Gurdián: "Re: IPF firewalling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: <freebsd-questions@freebsd.org>
Date: Sun, 16 Jan 2005 16:35:33 +0100

Hi,

I have some trouble with the ipf configuration. I made the following
ruleset:

pass in quick on rl0 proto udp from any to any port = 68 keep state
pass in quick proto udp from any to any port = 53 keep state keep frags
pass in quick on rl0 proto tcp/udp from any to any port = 42 keep state keep
frags
pass in quick on rl0 proto tcp from any to any port = 22 flags S keep state
pass in quick on rl0 proto tcp from any to any port = 25 keep state
pass in quick on rl0 proto tcp from any to any port = 21 keep state
pass in quick on rl0 proto tcp from any to any port = 20 keep state
pass in quick on rl0 proto tcp from any to any port = 80 keep state

block return-rst in log quick on rl0 proto tcp from any to any
block return-icmp-as-dest(port-unr) in log quick on rl0 proto udp from any
to any
block in quick on rl0 all

pass in quick on lo0 all
pass out quick on lo0 all

Everything seems okay, but the named. Neiher the ISP's nameserver (set by
the dhcp) nor the local nameserver works. BIND 9 wrote this to
/var/log/messages:

Jan 16 13:59:35 server named[1028]: starting BIND 9.3.0 -u named -t
/usr/local/named -c /etc/named.conf
Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: address
in use
Jan 16 13:59:35 server named[1028]: creating IPv4 interface re0 failed;
interface ignored
Jan 16 13:59:35 server named[1028]: could not listen on UDP socket: address
in use
Jan 16 13:59:35 server named[1028]: creating IPv4 interface lo0 failed;
interface ignored
Jan 16 13:59:35 server named[1028]: not listening on any interfaces
Jan 16 13:59:35 server named[1028]: /etc/named.conf:14: couldn't add command
channel 127.0.0.1#953: address in
use
Jan 16 13:59:35 server named[1028]: could not listen on UDP socket:
permission denied
Jan 16 13:59:35 server named[1028]: creating IPv4 interface re0 failed;
interface ignored
Jan 16 13:59:35 server named[1028]: could not listen on UDP socket:
permission denied
Jan 16 13:59:35 server named[1028]: creating IPv4 interface lo0 failed;
interface ignored

The rndc doesn't matter, I'm not going to use it, but the neither named can
listen on the network and the loopback interface. Could You suggest me any
solution for this trouble? Btw, this machine is going to be a web, dns,
mail, etc. server and is being tested on an ordinary cable connection,
that's why I'm using dhcp.

Best regards,

Gábor Kövesdán

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

Next message: Chris: "Re: Set up of Wireless on laptop"

Previous message: Miguel Mendez: "Re: Samba3/CUPS printing"
Next in thread: Erik Norgaard: "Re: IPF firewalling"
Reply: Erik Norgaard: "Re: IPF firewalling"
Reply: Alvaro J. Gurdián: "Re: IPF firewalling"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

RE: IPF firewalling
... pass in quick on rl0 proto udp from any to any port = 68 keep state keep ... pass in quick on rl0 proto tcp from any to any port = 53 flags S keep state ...
(freebsd-questions)
ipfilter config
... I am running a nameserver and do _not_ want to keep state with dns traffic. ... pass out quick on lo0 all ... pass in quick on rl0 proto tcp from any to any port = 22 keep state ... It allows incoming traffic to port 53. ...
(comp.unix.bsd.freebsd.misc)