Re: pf.conf newbie help

From: Dennis Russo (denrusso_at_yahoo.com)
Date: 08/25/04


Date: 24 Aug 2004 18:32:16 -0700

Dave Uhring <daveuhring@yahoo.com> wrote in message news:<pan.2004.08.24.18.03.21.850842@yahoo.com>...
> On Tue, 24 Aug 2004 10:45:42 -0700, Dennis Russo wrote:
>
> > Keith Matthews <invalid@frequentous.co.uk> wrote in message news:<QbmdneFnOsexc7fcRVn-ow@eclipse.net.uk>...
> >> Dennis Russo wrote:
> >>
> >> > Dave Uhring <daveuhring@yahoo.com> wrote in message
>
> >> >> This one is:
> >> >>
> >> >> pass in on $ExtIF inet proto udp from any to any port 53 keep state
> >> >
> >> > Ah, I was allowing port 53 as tcp, not udp. That is my error...
> >> > Thanks a lot for the info (I will crawl back under my rock now for not
> >> > knowing that)...
> >> >
> >>
> >>
> >> You need both. UDP is normally used, but a long response will cause TCP to
> >> be used.
> >
> > Thanks for the responses. However, I added the following line
> >
> > pass in on $ExtIF inet proto udp from any to any port 53 keep state
> >
> > but still no dice. I'm using this DNS server mainly as my primary for
> > my small little home network. When I try to apply these rules I do
> > not have DNS capability. I thought maybe to add another line similar
> > to the one above only substitute $IntIF for $ExtIF, but still no good
> > (since the queries would be coming from the internal interface??).
> > Any ideas??
>
> Do your hosts on the LAN access the nameserver via $ExtIF or $IntIF?

I have the generic home network setup of all hosts connect via switch
into my obsd box (which has two NICs). $IntIF is connected to the switch.

> Are you even sure the nameserver is working? Why are you firewalling
> packets from your LAN anyway?

I am sure the nameserver is working. When I comment out everything
except the nat and add pass in all/pass out all rules, it works great
(both for computers accessing the web from behind the obsd box and
computers trying to access from the internet). I don't want to
firewall packets from my LAN, I want to firewall packets to my LAN.
Any thoughts??

Thanks again for the responses!!

cheers,
dr
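
An added example, not part of the original thread: a pf.conf fragment for the setup described above (nameserver on the two-NIC OpenBSD box, LAN hosts behind $IntIF), passing DNS on $ExtIF over both UDP and TCP and leaving traffic that arrives from the LAN unfiltered. $ExtIF and $IntIF are the thread's macros; the interface names, the LanNet macro and its prefix are assumptions.

```conf
# Constructed example. Interface names and the LAN prefix are assumptions.
ExtIF  = "fxp0"              # assumed external NIC (Internet side)
IntIF  = "fxp1"              # assumed internal NIC (to the switch)
LanNet = "192.168.1.0/24"    # assumed LAN prefix

# Translation rules come before filter rules in pf.conf.
nat on $ExtIF from $LanNet to any -> ($ExtIF)

# Default deny applies only to packets arriving from the Internet,
# so traffic to the LAN is filtered and traffic from the LAN is not.
block in on $ExtIF all

# Loopback is never filtered (a local resolver talks to itself here).
pass quick on lo0 all

# DNS from the Internet to this box: UDP for ordinary queries,
# TCP for long responses. Both rules are needed.
pass in on $ExtIF inet proto udp from any to ($ExtIF) port 53 keep state
pass in on $ExtIF inet proto tcp from any to ($ExtIF) port 53 \
    flags S/SA keep state

# LAN hosts reach the nameserver (and everything else) via $IntIF.
pass in  on $IntIF from $LanNet to any keep state
pass out on $IntIF from any to $LanNet keep state

# Outbound on the external side: the nameserver's own upstream lookups
# and NATed LAN traffic. State entries let the replies back in past
# the "block in" rule above.
pass out on $ExtIF inet proto tcp all flags S/SA keep state
pass out on $ExtIF inet proto { udp, icmp } all keep state
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`, and `pfctl -sr` shows the rules that are actually in effect.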


