FireWall-1 and MS DNS

By timber
I just implemented Firewall-1 ver. 4.1 on a Windows NT Server. The firewall runs great; however, I tried to move my two DNS servers behind the firewall yesterday and had severe problems. I set up the rules just as I did for my web servers that I moved, with the exception of using DNS service instead of web services. I am using automatic NAT. When I moved DNS 2 (my secondary DNS server), DNS 1 (primary) performed nonstop read/write hard drive activity. When I moved DNS 1 behind the firewall, the activity did not stop and no one inside or outside the firewall could access our internal web pages. Internal clients could not access the internet either. What did I do wrong? Any ideas?

FireWall-1 and MS DNS

by otto3 In reply to FireWall-1 and MS DNS

Without knowing more specifics about your network, it seems that you should use static NAT for the DNS. Check in the logs to see what happens to the DNS traffic. You might have the correct firewall setup, but be missing a route from the external address of the DNS server to the internal address of the DNS server. In that case do a route add:

route add -p 111.111.111.x 192.168.1.x

This would allow the firewall to find the DNS server. Look up the route add command syntax; my sample might be incorrect.

Otto

FireWall-1 and MS DNS

by timber In reply to FireWall-1 and MS DNS

Decided to just leave those DNS servers outside the firewall and put up an internal DNS Server.

FireWall-1 and MS DNS

by otto3 In reply to FireWall-1 and MS DNS

Oops.... For static NAT you'd also need a local.arp file on the firewall for the valid external IP of the DNS servers. Alternatively, you could assign two more external IP addresses to the firewall's external NIC under NT. That would work also.

Otto

FireWall-1 and MS DNS

by timber In reply to FireWall-1 and MS DNS