[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PF and DNS requests

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: PF and DNS requests
From: Mark Nelson <mn_(_at_)_tardis_(_dot_)_cx>
Date: Wed, 29 Dec 2004 19:38:28 +0000

Hello 

I've just rebuilt my firewall using OpenBSD 3.5, (previously it was
running on NetBSD).  I'm now having problems resolving DNS requests from
my DMZ.  I have the following rules in pf.conf - 
 
pass in quick log on $external_if proto udp from any to 217.169.6.226/32
port 53 keep state

pass in quick on $dmz_if proto udp from any to 217.169.6.226 port   53
keep state 

block in quick log on $external_if from any to any


According to tcpdump, I get the following - 

Dec 29 19:34:09.116338 rule 4/0(match): pass in on xl2:
217.169.6.226.35915 > 193.174.75.146.53:  36873% [1au][|domain]
Dec 2919:34:09.179994 rule 58/0(match): block in on xl0:
193.174.75.146.53 > 217.169.6.226.35915:  36873*[|domain] (DF)


When I remove the block line everything works.


It look like to me (I could be wrong) is that the firewall is not
keeping state.

Any suggestions ?

Mark.

-----------------------------------
Mark Nelson - mn_(_at_)_tardis_(_dot_)_cx
This mail is for the addressee only

[demime 1.01d removed an attachment of type application/pgp-signature]

Follow-Ups:
- Re: PF and DNS requests
  - From: Jason Opperisano

Prev by Date: ipsec tunnel
Next by Date: Re: ipsec tunnel (more info)
Previous by thread: Re: ipsec tunnel (more info)
Next by thread: Re: PF and DNS requests
Index(es):
- Date
- Thread

Visit your host, monkey.org