named error sending response: permission denied

Stephane Raimbault stephane at enertiasoft.com
Wed May 18 10:08:27 PDT 2005


On 18-May-05, at 11:03 AM, Jose Hidalgo wrote:

> On Wed, 2005-05-18 at 10:51 -0600, Stephane Raimbault wrote:
>
>
>> I also noticed these errors in my ipfw.log file:
>>
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:3371 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:1420 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:2961 in via vlan1
>> May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
>> 63.252.160.219:53 204.9.110.134:4701 in via vlan1
>>
>
>
> As you can see, and according to the ACLs, you have
> the problem when 204.9.110.134 is the client of
> the DNS queries.
>
> You may need to add
>
> ${fwcmd} add pass udp from ${ip2} to any 53 keep-state
>

Actually... I already had this in another part of my ipfw rules:

${fwcmd} add pass udp from ${ip2} to any 53 keep-state

The server itself can also make DNS requests out... however, it still
seems that requests (not all) are getting kiboshed by something.


> or you may want to reduce the number of rules with:
>
> ${fwcmd} add pass udp from any to any 53 keep-state
>
> -- 
> Jose Hidalgo <jose at hostarica.com>
> Corp. Hostarica S.A.
>
>
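
Added example, not part of the original message or of either poster's tooling: every denied packet in the quoted ipfw.log has source port 53 and arrives "in via vlan1", so these are DNS replies to 204.9.110.134 being dropped by rule 65000, not outgoing queries. The Python below tallies such entries per server/client pair; the function names and the third (TCP) sample line are constructed for illustration.

```python
import re
from collections import Counter

# Layout of an ipfw log entry as it appears in the quoted ipfw.log:
#   <date> <host> /kernel: ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <if>
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

def parse(log_text):
    """Yield one dict per ipfw log entry, tolerating mail-wrapped entries."""
    # Re-join an entry whose address part was wrapped onto the next line.
    flat = re.sub(r"\s*\n\s*(?=[\d.]+:\d+ )", " ", log_text)
    for line in flat.splitlines():
        m = LINE.search(line)
        if m:
            yield m.groupdict()

def denied_dns_replies(log_text):
    """Count denied inbound UDP packets with source port 53, per (server, client)."""
    hits = Counter()
    for e in parse(log_text):
        if (e["action"] == "Deny" and e["proto"] == "UDP"
                and e["dir"] == "in" and e["sport"] == "53"):
            hits[(e["src"], e["dst"])] += 1
    return hits

# First two entries are taken from the log quoted above (one left wrapped as
# in the mail); the TCP entry is constructed to show that it is not counted.
SAMPLE = """\
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP
63.252.160.219:53 204.9.110.134:3371 in via vlan1
May 18 06:40:03 enertia1 /kernel: ipfw: 65000 Deny UDP 63.252.160.219:53 204.9.110.134:1420 in via vlan1
May 18 06:41:10 enertia1 /kernel: ipfw: 65000 Deny TCP 192.0.2.7:40112 204.9.110.134:23 in via vlan1
"""

if __name__ == "__main__":
    for (server, client), n in denied_dns_replies(SAMPLE).items():
        print(f"{n} denied replies from {server}:53 to {client}")
```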


