IPFW doesn't resolve host names
Vittorio
vdemart1 at tin.it
Wed Sep 20 03:07:18 PDT 2006
Dear friends,

I have a pentium 4 freebsd 6.1 server connected to my office win-xp lan. The server smoothly runs sshd, postgresql, samba (to connect some /home share and the office win filesystem), vncserver.
Recently I added the following IPFW firewall (I'm an absolute beginner with it) which works ** almost correctly **.

In fact, I can connect via ssh (putty under winxp), the pg database works, vncserver too, while samba connects to its local windows share but it's unable to connect to the lan filesystem because it is no longer possible to resolve the host names. If I ping a host the answer is invariably

ping: cannot resolve matteo: Host name lookup failure

even though I defined "allow" rules for port 53.

Could you please help me?

############### start of example ipfw rules script #############
ipfw -q -f flush # Delete all rules
# Set defaults
oif="fxp0" # out interface
# Set defaults
gw="10.155.102.6"
cmd="ipfw -q add " # build rule prefix
ks="keep-state" # just too lazy to key this each time
$cmd 00500 check-state
$cmd 00502 deny all from any to any frag
$cmd 00501 deny tcp from any to any established
$cmd 00503 allow all from any to any via lo0
$cmd 00505 deny all from any to 127.0.0.0/8
$cmd 00508 deny ip from 127.0.0.0/8 to any
$cmd 00600 allow tcp from any to me dst-port 22, 80 via $oif setup $ks
$cmd 00601 allow tcp from any to me dst-port 81,137,138,139,445 via $oif setup $ks
$cmd 00602 allow tcp from any to me dst-port 5432, 5900-5909 via $oif setup $ks
$cmd 00604 allow udp from any to me dst-port 81,137,138,139,445 via $oif setup $ks
$cmd 00605 allow udp from any to me dst-port 5432, 5900 via $oif setup $ks
$cmd 00606 allow tcp from any to $gw 1491
$cmd 00607 allow tcp from $gw 1491 to any
$cmd 00610 allow tcp from me to any 53 out via $oif
$cmd 00611 allow tcp from any 50 to me in via $oif
$cmd 00612 allow udp from me to any 53 out via $oif
$cmd 00613 allow udp from any 50 to me in via $oif
$cmd 00700 allow icmp from any to any via $oif
################### End of example ipfw rules script ############

More information about the freebsd-questions mailing list
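
Added example, not part of the original post: a small Python check that flags two things visible in the posted rules, namely the "setup" option on udp rules and stateless outbound rules to port 53 whose reply rules name source port 50. The parser (RULE_RE, lint) is hypothetical and handles only the simple "allow ... from ... to ..." shape used in the script; it assumes the ipfw default rule denies unmatched packets, and it compares port ranges as plain strings.

```python
import re

# Constructed sample: five rules copied from the posted script, $oif expanded to fxp0.
RULES = """\
00604 allow udp from any to me dst-port 81,137,138,139,445 via fxp0 setup keep-state
00610 allow tcp from me to any 53 out via fxp0
00611 allow tcp from any 50 to me in via fxp0
00612 allow udp from me to any 53 out via fxp0
00613 allow udp from any 50 to me in via fxp0
"""

# Handles only "allow PROTO from SRC [ports] to DST [[dst-port] ports] opts".
RULE_RE = re.compile(
    r"^(?P<num>\d+)\s+allow\s+(?P<proto>\w+)\s+from\s+(?P<src>\S+)"
    r"(?:\s+(?P<sport>[\d,-]+))?\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?:dst-port\s+)?(?P<dport>[\d,-]+))?(?P<opts>.*)$")


def lint(text):
    """Return (rule number, message) pairs for the two mistakes described above."""
    rules = [m.groupdict() for m in map(RULE_RE.match, text.splitlines()) if m]
    findings = []
    for r in rules:
        opts = r["opts"].split()
        # "setup" tests TCP flags (SYN set, ACK clear); UDP has no flags to match.
        if r["proto"] == "udp" and "setup" in opts:
            findings.append((r["num"], "udp rule with 'setup' never matches"))
        # A stateless outbound rule needs an inbound rule for the reply, whose
        # source port is the port the request was sent to.
        if r["src"] == "me" and r["dport"] and "keep-state" not in opts:
            allowed = {p for x in rules
                       if x["proto"] == r["proto"] and x["dst"] == "me" and x["sport"]
                       for p in x["sport"].split(",")}
            missing = sorted(set(r["dport"].split(",")) - allowed)
            if missing:
                findings.append((r["num"], "no %s reply rule from port %s (have: %s)"
                                 % (r["proto"], ",".join(missing),
                                    ",".join(sorted(allowed)) or "none")))
    return findings


if __name__ == "__main__":
    for num, msg in lint(RULES):
        print(num, msg)
```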