On 6/18/07, BradenM - Sonoma Computer <[EMAIL PROTECTED]> wrote:

> In response to your question and statement: Yes, I'm running PF 4.1 and
> according to Daniel Bernstein, author of DJBDNS, the firewall which is
> employed on my network's router needs to allow traffic from the internal
> network on ports 1024-65535 to any computer's port 53.


You can't just copy info from a book without understanding it enough
to fit your needs.  The last sentence above appears to be a rule to
allow internal clients to connect to DNS servers on the Internet.

In your original post you say: "The commented line, rl1 traffic,
contains the pass rule for any DNS traffic". And that line says:

pass in on rl1 proto { tcp, udp } from $dmz_block port 1024:65535 to any port 53

At a quick glance at your rules, you aren't letting Internet traffic
resolve your IPs, nor are you letting whatever this VR0 network is do
so either.

Greg
--
http://ticketmastersucks.org/tracker.html

Dethink to survive - Mclusky

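The distinction Greg is drawing, written out as a pf.conf fragment. This is an added example, not a rule set from the thread: the interface names rl1 and vr0 and the macro $dmz_block come from the original post, while the external interface name, the subnet values and the $dns_server address are constructed placeholders that would have to match the real network. Only the first rule is the one quoted above; the other two are the inbound rules the reply says are missing.

```pf
# Added example, not the poster's pf.conf. Interface names rl1/vr0 and the
# macro $dmz_block are from the thread; everything else is a placeholder.
dmz_if     = "rl1"            # interface facing the DMZ (where the quoted rule lives)
lan_if     = "vr0"            # the internal "VR0 network" from the thread
ext_if     = "fxp0"           # constructed: the Internet-facing interface
dmz_block  = "192.0.2.0/24"   # constructed: DMZ subnet
lan_block  = "10.0.0.0/24"    # constructed: vr0 subnet
dns_server = "192.0.2.53"     # constructed: the DJBDNS host in the DMZ

# 1. The rule from the thread. It only lets DMZ hosts act as DNS *clients*
#    toward any server (the book's "internal network to any port 53" advice).
#    It allows nothing that arrives addressed *to* your own DNS server.
pass in on $dmz_if proto { tcp, udp } from $dmz_block port 1024:65535 to any port 53

# 2. Missing: queries from the Internet to the authoritative server in the DMZ.
#    Without this, outside resolvers cannot look up your names at all.
#    "keep state" is explicit here; it is already the default on PF 4.1.
pass in on $ext_if proto { tcp, udp } from any to $dns_server port 53 keep state

# 3. Missing: queries from the internal vr0 network to the same server.
pass in on $lan_if proto { tcp, udp } from $lan_block to $dns_server port 53 keep state
```

Rules 2 and 3 are deliberately restricted to the single DNS host and port 53 rather than "any port 53" so that opening the server to the Internet does not also expose other DMZ machines. Before loading, check the syntax with `pfctl -nf /etc/pf.conf`, and after loading confirm the rules with `pfctl -vsr`; a query from an outside host with `dig @<your server IP> <your zone> SOA` is the quickest end-to-end check that rule 2 is actually in effect.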