Mailinglist Archive: opensuse-security (636 mails)

RE: [suse-security] Firewall
  • From: "Markus Schmid" <mschmid@xxxxxxxxxxxx>
  • Date: Mon, 12 Feb 2001 12:05:53 +0100
  • Message-id: <GDEALIFDMBMNIKGPMBJHOEKHCIAA.mschmid@xxxxxxxxxxxx>
NAT does replace the source / destination IP address of the transmitting
packet. As you have a DNS request: The NAT process doesn't replace the IP
address of the DNS request field itself. So you get outside the inside DNS IP
address :(

Place the DNS to the outside (DMZ) and have an internal DNS for your clients.
OR
Some firewalls have an option to inspect the DNS request and replace the inside
(DNS) IP address with the outside (DNS) IP address (inside the DNS request
field). This is a static table that you have to configure for each DNS address
you have.

Hope that helps
Markus

-----Original Message-----
From: Felipe Vilarinho [mailto:fvilarinho@xxxxxxxxxxxxxxxx]
Sent: Monday, February 12, 2001 11:52 AM
To: Markus Schmid
Subject: Re: [suse-security] Firewall


NAT
----- Original Message -----
From: "Markus Schmid" <mschmid@xxxxxxxxxxxx>
To: "Jussi Jääskeläinen" <jussi.jaaskelainen@xxxxxxxxxxxxxx>; "Felipe
Vilarinho" <fvilarinho@xxxxxxxxxxxxxxxx>
Cc: <suse-security@xxxxxxxx>
Sent: Monday, February 12, 2001 7:44 AM
Subject: RE: [suse-security] Firewall


> Do you do NAT / PAT ??
>
> -----Original Message-----
> From: Jussi Jääskeläinen [mailto:jussi.jaaskelainen@xxxxxxxxxxxxxx]
> Sent: Monday, February 12, 2001 10:40 AM
> To: Felipe Vilarinho
> Cc: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Firewall
>
>
> If that DNS-server has public IP then put it in DMZ...
>
> Felipe Vilarinho wrote:
>
> > Hi everyone!
> >
> > I have a LAN that has a Firewall to distribute packets from the Internet
> > over my LAN. The Firewall also masquerade the machines behind it. Now come
> > my problem! Has it ANY possibilities of a DNS server that is behind the
> > Firewall becomes public for the Internet? I do some experience about that
> > but no one works. Some one can help me?
> >
> > My Firewall settings:
> >
> > ipchains -P forward DENY
> > ipchains -A forward -j MASQ -s $LOCALNET -d $INTERNET -i eth0
> > ipmasqadm portfw -f
> > ipmasqadm portfw -a -P tcp -L $PUBLICIP 53 -R $LOCALIP 53
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> > For additional commands, e-mail: suse-security-help@xxxxxxxx
>
> --
> Jussi Jääskeläinen Email: jussi.jaaskelainen@xxxxxxxxxxxxxx
> Audio Riders Oy Tel: +358-9-276 6820 direct: +358-9-276 68212
> Järvihaantie 4 Mobile: +358-40-554 3689
> FIN-01800 KLAUKKALA Fax: +358-9-879 8045
> FINLAND WWW: http://www.audioriders.fi
>

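Added example, not part of the original thread: a small Python check illustrating the point made in the reply above, that source NAT rewrites the IP header while the addresses inside the DNS answer stay as they were. The packet model `(src, dst, payload)`, the function names and all addresses are constructed assumptions for illustration.

```python
import ipaddress
import struct

# Constructed sample values; none of these addresses come from the thread.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def build_response(qname, addr, txid=0x1234):
    """Build a minimal DNS response carrying one A record (constructed sample)."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = name + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Answer name is a compression pointer back to offset 12 (the question name).
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + question + rr + ipaddress.IPv4Address(addr).packed

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n

def a_records(msg):
    """Return the IPv4 addresses found in A records of the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    found = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            found.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return found

def snat(packet, public_ip):
    """Model of source NAT: only the header source address is replaced."""
    _src, dst, payload = packet
    return (public_ip, dst, payload)

def leaked_rfc1918(msg):
    """List answer addresses that are internal and so unreachable from outside."""
    return [str(a) for a in a_records(msg) if any(a in net for net in RFC1918)]
```

Running `leaked_rfc1918` on the payload of a packet after `snat` still reports the internal address, which is why the replies suggest either a separate outside DNS in the DMZ or a firewall that rewrites the DNS payload itself.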
