Do you do NAT / PAT ??
-----Original Message----- From: Jussi Jääskeläinen [mailto:jussi.jaaskelainen@audioriders.fi] Sent: Monday, February 12, 2001 10:40 AM To: Felipe Vilarinho Cc: suse-security@suse.com Subject: Re: [suse-security] Firewall
If that DNS-server has public IP then put it in DMZ...
Felipe Vilarinho wrote:
Hi everyone!
I have a LAN that has a Firewall to distribute packets from the Internet over my LAN. The Firewall also masquerade the machines behind it. Now come my problem! Has it ANY possibilities of a DNS server that is behind the Firewall becomes public for the Internet? I do some experience about
NAT does replace the source / destination IP address of the transmitting
packet. As you have a DNS request: The NAT process doesn't replace the IP
address of the DNS request field itself. So you get outside the inside DNS IP
address :(
Place the DNS to the outside (DMZ) and have an internal DNS for your clients.
OR
Some firewalls have an option to inspect the DNS request and replace the inside
(DNS) IP address with the outside (DNS) IP address (inside the DNS request
field). This is a static table that you have to configure for each DNS address
you have.
hope that help
Markus
-----Original Message-----
From: Felipe Vilarinho [mailto:fvilarinho@unetworks.com.br]
Sent: Monday, February 12, 2001 11:52 AM
To: Markus Schmid
Subject: Re: [suse-security] Firewall
NAT
----- Original Message -----
From: "Markus Schmid"
but no one works. Some one can help me?
My Firewall settings:
ipchains -P forward DENY ipchains -A forward -j MASQ -s $LOCALNET -d $INTERNET -i eth0 ipmasqadm portfw -f ipmasqadm portfw -a -P tcp -L $PUBLICIP 53 -R $LOCALIP 53
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Jussi Jääskeläinen Email: jussi.jaaskelainen@audioriders.fi Audio Riders Oy Tel: +358-9-276 6820 direct: +358-9-276 68212 Järvihaantie 4 Mobile: +358-40-554 3689 FIN-01800 KLAUKKALA Fax: +358-9-879 8045 FINLAND WWW: http://www.audioriders.fi
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com