On 6/18/07, BradenM - Sonoma Computer  wrote:

quoted text
>

> In response to your question and statement: Yes, I'm running PF 4.1 and

> according to Daniel Bernstein, author of DJBDNS, the firewall which is

> employed on my networks router needs to allow traffic from the internal

> network on ports 1024-65535 to any computer's port 53.

>

You can't just copy info from a book without understanding it enough

to fit your needs.  The last sentence above appears to be a rule to

allow internal clients to connect to DNS servers on the Internet.
In your original post you say:  "The commened line, rl1 traffic,

contains the pass rule for any DNS traffic,".  And that line says:
pass in on rl1 proto { tcp, udp } from $dmz_block port 1024:65535 to any port 53
At a quick glance of your rules you aren't letting Internet traffic

resolve your IPs nor are you letting whatever this VR0 network is do

so either.
Greg

--

http://ticketmastersucks.org/tracker.html
Dethink to survive - Mclusky