Help pleeeze! I'm running into the std crappy support from Sun
and the std crappy docs problem with FW-1.
I am trying to set up DNS with my firewall so that
1) outside requests are serviced by the firewall, which
only knows about itself (MX record)
2) the FW uses internal name servers for its own resolving
3) internal servers go outside for resolution
4) no-one outside can get DNS from anything other than the FW
OK, so I've got 1-3 done, no problemo. The problem is that
I can still go to an outside machine and do an nslookup,
set the server to my internal machine's IP and do lookups.
If I change "enable dns" to "before last" in my security policy
and put in a rule "src=NOT(my internal networks), dst=any,
svc=dns, drop" AFTER my existing rule of "src=any, dst=firewall,
svc=dns, accept", things don't work. It appears to disallow answers
to requests made by internal name servers out to the net.
light.....more light !!! I'd love to square this away before the hols.
tia
--------------------------------------------------------------------------
Martin C. Walker      | martinw @ epcorp . com | PP-ASEL,IFR AA5-A 9908U
Project Lead          | (513)629-2517          | Blue Belt Okinawan Shuri-Ryu
Eagle-Picher Inc.     | Fax: (513)629-2449     | Porsche 911SC
580 Walnut St,        |                        |
Cincinnati, OH 45202  |                        |
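The rule-ordering problem the post describes, as an added example that is not part of the original message and not FireWall-1's own code or API: a small first-match packet-filter model with the three rules the poster names (the explicit "any -> firewall dns accept", the explicit "NOT(internal) -> any dns drop", and the implied "enable dns" rule placed either first or before last). All addresses are constructed. The model shows that with the implied rule first, outsiders can query the internal name server; that moving it to "before last" and adding the drop rule closes that hole but, because the drop rule is stateless, also drops the external name servers' replies to the internal servers' own queries (the symptom in the post); and, going one step beyond the post, that tracking accepted outbound queries and admitting only their matching replies lets the rulebase keep both properties. Whether a given FW-1 version tracks UDP replies for implied rules is not something this model asserts; it only demonstrates the first-match logic.

```python
"""Added example: first-match packet filter model of the rulebase in the post.

Not FW-1 code. Addresses and ports below are constructed for the demonstration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # constructed internal networks
FIREWALL_IP = "192.0.2.1"                    # constructed firewall address
DNS = 53


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def is_internal(addr: str) -> bool:
    return any(ip_address(addr) in net for net in INTERNAL_NETS)


def is_dns(p: Packet) -> bool:
    # UDP/53 in either direction: a query (dport 53) or a reply (sport 53).
    return p.dport == DNS or p.sport == DNS


# Rules are (name, match-function, action); the first matching rule wins.
ACCEPT_DNS_TO_FW = ("src=any dst=firewall svc=dns accept",
                    lambda p: p.dst == FIREWALL_IP and p.dport == DNS, "accept")
DROP_OUTSIDE_DNS = ("src=NOT(internal) dst=any svc=dns drop",
                    lambda p: not is_internal(p.src) and is_dns(p), "drop")
IMPLIED_DNS = ("implied 'enable dns' accept", is_dns, "accept")
CLEANUP = ("cleanup drop", lambda p: True, "drop")


def build_rulebase(implied_position: str, explicit_drop: bool) -> list:
    """Assemble the rulebase with the implied DNS rule 'first' or 'before_last'."""
    explicit = [ACCEPT_DNS_TO_FW] + ([DROP_OUTSIDE_DNS] if explicit_drop else [])
    if implied_position == "first":
        return [IMPLIED_DNS] + explicit + [CLEANUP]
    if implied_position == "before_last":
        return explicit + [IMPLIED_DNS, CLEANUP]
    raise ValueError(implied_position)


class Filter:
    def __init__(self, rules, track_udp_replies=False):
        self.rules = rules
        self.track = track_udp_replies
        self.pending = set()   # (src, sport, dst, dport) of accepted DNS queries

    def check(self, p: Packet):
        """Return (action, reason); a tracked reply is admitted before the rules run."""
        reverse = (p.dst, p.dport, p.src, p.sport)
        if self.track and reverse in self.pending:
            self.pending.discard(reverse)
            return ("accept", "reply to tracked query")
        for name, match, action in self.rules:
            if match(p):
                if action == "accept" and self.track and p.dport == DNS:
                    self.pending.add((p.src, p.sport, p.dst, p.dport))
                return (action, name)
        raise AssertionError("cleanup rule always matches")


def scenarios() -> dict:
    outside = "203.0.113.7"     # constructed external host doing nslookup
    ext_ns = "198.51.100.10"    # constructed external name server
    int_ns = "10.0.0.53"        # constructed internal name server
    leak = Packet(outside, int_ns, 40000, DNS)        # outsider -> internal NS
    to_fw = Packet(outside, FIREWALL_IP, 40001, DNS)  # outsider -> firewall (MX lookup)
    query = Packet(int_ns, ext_ns, 1025, DNS)         # internal NS resolving outward
    reply = Packet(ext_ns, int_ns, DNS, 1025)         # the answer coming back

    r = {}
    # 1) implied rule first, no explicit drop: the hole the poster observed
    f = Filter(build_rulebase("first", explicit_drop=False))
    r["implied_first_leak"] = f.check(leak)[0]
    # 2) implied rule before last plus stateless drop: hole closed, replies die
    f = Filter(build_rulebase("before_last", explicit_drop=True))
    r["stateless_leak"] = f.check(leak)[0]
    r["stateless_to_fw"] = f.check(to_fw)[0]
    r["stateless_query"] = f.check(query)[0]
    r["stateless_reply"] = f.check(reply)[0]
    # 3) same rulebase with outbound query tracking: only matching replies return
    f = Filter(build_rulebase("before_last", explicit_drop=True), track_udp_replies=True)
    f.check(query)
    r["stateful_reply"] = f.check(reply)[0]
    r["stateful_unsolicited"] = f.check(Packet(ext_ns, int_ns, DNS, 2000))[0]
    return r


if __name__ == "__main__":
    for k, v in scenarios().items():
        print(f"{k:24s} {v}")
```

The point the model makes is that the explicit drop rule matches on the packet alone, so an external name server's reply (source port 53, source outside the internal networks) is indistinguishable from an outsider's query unless the filter remembers which queries it let out; the fix is state, not a different rule order.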