Re: pf.conf newbie help

From: Dennis Russo (denrusso_at_yahoo.com)
Date: 08/25/04


Date: 25 Aug 2004 06:04:44 -0700


> How are you sure? Does its /etc/resolv.conf look like this?
>
> [root]# cat /etc/resolv.conf
> lookup file bind
> nameserver 127.0.0.1

I actually don't use my DNS server for that box (the obsd box
performing the NAT - only the machines behind it on my home network
use it), but I did change the resolv.conf file to read what you have
listed.

>
> If you are in an ssh session to the server does it resolve openbsd.org?
>
> [root]# host openbsd.org
> openbsd.org has address 199.185.137.3

Once I made the above change, I ran the above command and received the
same output (199.185.137.3). I am also currently logged into the
machine from outside my network using the domain name (not the IP).

> > When I comment out everything
> > except the nat and add pass in all/pass out all rules, it works great
> > (both for computers accessing the web from behind the obsd box and
> > computers trying to access from the internet). I don't want to
> > firewall packets from my LAN, I want to firewall packets to my LAN.
>
> You should not have any 'pass in' or 'pass out' rules with $IntIF as one
> of the arguments to the rules, except for:
>
> pass in on $IntIF all
> pass out on $IntIF all

When I'm not filtering any packets, I only have my nat line along
with:

pass in all
pass out all

This seems to work (gives me NAT along with the use of my DNS server).
Of course, this isn't the safest route, and I would like to secure
the connection...

cheers,
dr
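
The change discussed in this message, from an unfiltered `pass in all` / `pass out all` to filtering only what arrives from the Internet, written out as an added example that is not part of the original post or the poster's ruleset. The interface names, the `ExtIF` macro and the choice of ssh as the one inbound service are assumptions; the syntax is the `nat on ...` form of the pf release in use in this thread (newer pf writes NAT as `nat-to` on a match or pass rule).

```pf
# Added example, not the poster's pf.conf. Macro values are assumptions.
ExtIF = "fxp0"    # assumed name: interface facing the Internet
IntIF = "fxp1"    # assumed name: interface facing the home LAN

# The "nat line": rewrite LAN source addresses to the external address.
nat on $ExtIF from $IntIF:network to any -> ($ExtIF)

# Weak form described in the post (works, but filters nothing):
#   pass in all
#   pass out all

# Default deny replaces it; the last matching rule below decides.
block all
pass quick on lo0 all

# LAN side is left unfiltered, as the quoted advice recommends.
pass in  on $IntIF all
pass out on $IntIF all

# Outbound on the external side creates state, so replies (including
# DNS answers to a resolver on this box) are let back in automatically.
pass out on $ExtIF proto tcp all flags S/SA keep state
pass out on $ExtIF proto { udp, icmp } all keep state

# Inbound from the Internet: only services meant to be reachable.
# ssh is an assumption, based on the poster logging in from outside.
pass in on $ExtIF proto tcp from any to ($ExtIF) port 22 flags S/SA keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset can lock out a remote session.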


