pezking@gmail.com <pezking@gmail.com> wrote:

> I am very new to OpenBSD, but have been using FreeBSD with ipfilter
> for years now. I think I have discovered somewhat of an anomaly. After
> careful review of my rules and subsequent testing, I cannot seem to
> allow port 53 to pass to my tinydns server (hosted on FreeBSD) on the
> inside of my network. What makes this interesting is that every other
> port defined by the "services" macro is open.
>
> I am really scratching my head over this one, any help is appreciated,
> and thanks in advance!

Take a look at /var/log/pflog:

    tcpdump -n -e -ttt /var/log/pflog
    tcpdump -n -e -ttt /var/log/pflog port 53
    tcpdump -n -e -ttt /var/log/pflog action block

Helmut

--
No Swen today, my love has gone away
My mailbox stands forlorn, a symbol of the dawn
So, after acquiring some of Jason's help, and troubleshooting this for days, here is where I stand currently. I have just hooked up my old FreeBSD firewall (with ipfilter/ipnat), and it is allowing incoming DNS connections ("allowing," read on). However, the interesting thing is, when I do a port check from the outside, I get the same result as I did with my OpenBSD firewall: DNS "times out."

What is odd about this is the fact that it apparently allows people through, because the nameservers for my domain are literally behind this firewall - without them, no one would know how to get to any of the hosts defined within them. So, how is this possible, and why? If it says the port is closed, how can it possibly be passing through?

Strangely, on both firewalls, if I allow only port 53 UDP, the connection times out. If I allow port 53 TCP, it comes up as closed. The only thing I can think of is that my ISP is for some reason blocking port 53, but in that case, people wouldn't be able to do lookups on my nameservers and have it work properly.

Any help is still appreciated, and thanks so far.

-Shane
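As an added example, not code from anyone in this thread, here is a minimal OpenBSD pf.conf (4.7+ syntax) that forwards DNS on both UDP and TCP to an internal tinydns host and logs blocked traffic, so the tcpdump commands from Helmut's reply show exactly which rule a port-53 packet hit; the interface names and addresses are assumed placeholders.

```pf
# Added example (not from the thread). Interface names and the internal
# address are assumptions; adjust to your network.
ext_if  = "em0"
int_if  = "em1"
dns_srv = "192.168.1.53"        # assumed: internal tinydns (UDP) / axfrdns (TCP) host

# Port 53 is kept out of the generic "services" macro because DNS needs two
# transports: UDP for ordinary queries and TCP for truncated answers and
# zone transfers. A TCP-only "port check" from outside cannot see a UDP-only
# rule at all, which is why such a check reports a timeout or "closed"
# while real resolvers still get answers over UDP.
services = "{ ssh, smtp, http, https }"

set skip on lo
match out on $ext_if inet from !($ext_if:network) to any nat-to ($ext_if)

# Default deny with "log", so every dropped packet lands in pflog.
block log all

# Redirect and pass DNS on both transports. "log" on the pass rule lets you
# confirm in pflog that the packet matched this rule rather than the block.
pass in log on $ext_if inet proto { tcp, udp } from any to ($ext_if) port 53 \
    rdr-to $dns_srv

# Everything else in the services macro is TCP only.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $services

pass out on $ext_if inet all
pass on $int_if all

# Verification (the same idea as the reply above):
#   pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf     # syntax check, then load
#   tcpdump -n -e -ttt -i pflog0 port 53                 # live: which rule matched?
#   tcpdump -n -e -ttt -r /var/log/pflog action block    # history of drops
# If port-53 packets never appear in pflog at all, neither passed nor
# blocked, they are not reaching this firewall in the first place.
```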