Re: pf.conf newbie help

From: Dave Uhring (daveuhring_at_yahoo.com)
Date: 08/24/04


Date: Tue, 24 Aug 2004 13:03:24 -0500

On Tue, 24 Aug 2004 10:45:42 -0700, Dennis Russo wrote:

> Keith Matthews <invalid@frequentous.co.uk> wrote in message news:<QbmdneFnOsexc7fcRVn-ow@eclipse.net.uk>...
>> Dennis Russo wrote:
>>
>> > Dave Uhring <daveuhring@yahoo.com> wrote in message

>> >> This one is:
>> >>
>> >> pass in on $ExtIF inet proto udp from any to any port 53 keep state
>> >
>> > Ah, I was allowing port 53 as tcp, not udp. That is my error...
>> > Thanks a lot for the info (I will crawl back under my rock now for not
>> > knowing that)...
>> >
>>
>>
>> You need both. UDP is normally used, but a long response will cause TCP to
>> be used.
>
> Thanks for the responses. However, I added the following line
>
> pass in on $ExtIF inet proto udp from any to any port 53 keep state
>
> but still no dice. I'm using this DNS server mainly as my primary for
> my small little home network. When I try to apply these rules I do
> not have DNS capability. I thought maybe to add another line similar
> to the one above only substitute $IntIF for $ExtIF, but still no good
> (since the queries would be coming from the internal interface??).
> Any ideas??

Do your hosts on the LAN access the nameserver via $ExtIF or $IntIF?

Are you even sure the nameserver is working? Why are you firewalling
packets from your LAN anyway?

The PF rule which I posted is in use right now on the Internet. It's on
the primary nameserver for an ISP.
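An added pf.conf fragment, not posted by anyone in this thread, that puts the points raised above together: port 53 is passed for both UDP and TCP, and LAN queries get their own pass rule on the internal interface instead of relying on the $ExtIF rule. The interface names, network and nameserver address are assumed values.

```pf
# Added example: nameserver behind pf. Macro values below are assumptions,
# not taken from the thread.
ExtIF = "fxp0"
IntIF = "fxp1"
LAN   = "192.168.1.0/24"      # constructed home LAN
NS    = "192.168.1.1"         # nameserver's address on the LAN (constructed)

# Default deny, so every pass rule below is an explicit decision.
block in log all

# DNS needs both protocols: UDP for ordinary queries, TCP when a response
# is too long for UDP (truncation/retry) or for zone transfers.
pass in on $ExtIF inet proto { udp, tcp } from any to any port 53 keep state

# Queries from the LAN arrive on $IntIF, so the $ExtIF rule never sees them.
# Restrict them to the nameserver's own address rather than "any".
pass in on $IntIF inet proto { udp, tcp } from $LAN to $NS port 53 keep state

# The server's own recursive lookups go out $ExtIF; keep state so the
# replies are matched on the way back in.
pass out on $ExtIF inet proto { udp, tcp } from any to any port 53 keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and test the TCP path separately with `dig @192.168.1.1 example.com +tcp`, since a UDP-only test will not reveal a missing TCP rule.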


