Firewalls: Re: Apache proxy on Firewall... [solution]

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Apache proxy on Firewall... [solution]
From:	Bob Van Cleef <vancleef @ microunity . com>
Date:	Fri, 28 Feb 1997 16:57:40 -0800
To:	Per Gustavsson <pergu @ jd . se>
Cc:	firewalls @ greatcircle . com
In-reply-to:	Your message of "Fri, 28 Feb 1997 08:59:30 +0100." <c=SE%a=_%p=Juristdata_AB%l=KIRK-970228075930Z-129 @ kirk . jd . se>

To quote from Rodney van den Oever's 
<Rodney .
 van .
 den .
 Oever @
 tip .
 nl> mail message:

> The solution for this is to let the firewall resolve to your internal
> nameserver and let the internal nameserver use the nameserver on your
> firewall as a forwarder.

I decided to add our two internal web servers to the list of those
known to the external nameserver, even though there are no known routes
through the firewall to them.

I decided against adding forwarding to the internal nameserver.

Currently if someone mistakenly uses telnet or ftp to access an
external site they get an immediate warning that the host is unknown.
With the DNS forwarding added to the internal server, they get a time
out when the connection fails, leading them to think there is something
wrong with the target system, not the command that they selected.
(Normal telnet and ftp are used heavily inside the firewall and rtelnet
and rftp are used to access remote hosts.)

Thanks for all of your responses.

Bob

References:

RE: Apache proxy on Firewall...
From: Per Gustavsson <pergu @ jd . se>

Indexed By Date	Previous:	Re: irc and firewalls From: Benedikt Stockebrand <benedikt @ devnull . ruhr . de>
Indexed By Date	Next:	Re: ALL THESE REMOVE MSGS From: Simon Attwell <simon @ itis . com>
Indexed By Thread	Previous:	RE: Apache proxy on Firewall... From: Per Gustavsson <pergu @ jd . se>
Indexed By Thread	Next:	[no subject] From: "D. Chiodo" <djc @ microwave . com>