Section 28.6.5.7 An Example NAT and Stateful Ruleset Example Ruleset #2: ... $cmd 020 $skip tcp from any to x.x.x.x 53 out via $pif setup keep-state ... AFAIK dns use also udp, so tcp is not really correct here. I have changed the tcp->ip, but still was not work because of "setup" :) That mean "tcpflags syn,!ack" what I guess is inaplicable to UDP packets, so it will never pass. Hope you'll change this to something like: $cmd 020 $skip ip from any to x.x.x.x 53 out via $pif keep-state Thanks a lot. I spend on this smth. arround 5 hours, that's why I writing to you right now.. %) I also have added a rule like $cmd 070 $skip ip from me to any out via $pif setup keep-state But again that deamn "setup" %) That's a leson for a enitre life.. -- Best regards, Nicolae Namolovan. _______________________________________________ freebsd-doc@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-doc To unsubscribe, send any mail to "freebsd-doc-unsubscribe@freebsd.org"