Date: Fri, 27 Aug 1999 16:13:39 -0700 From: Nathan Hackett <zhackett@tus.ssi1.com> To: Evren Yurtesen <yurtesen@ispro.net.tr> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Firewall protected name server? Message-ID: <37C71BA3.AF304DE@tus.ssi1.com> References: <37C7011F.CE378E71@tus.ssi1.com> <37C70759.DA7EB9D1@ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
Evren Yurtesen wrote: > I am not a firewall expert but you should give your firewall's IP address > at name records and all the packets coming to your firewall machine at the > named port should be forwarded to the dns machine inside of the firewall > that machine should be configured as the same as you would do if it was > not behind the firewall but just it should have a nonreal IP address... > there is an option in the ifpw for forwarding packages as far as I know. > > would you let me know if this kind of approach is working? > I may try to implement this later in our network too. > > Evren > I think that you are trying to describe adding a divert rule to the firewall to divert dns traffic to the name server. This solution does not meet my requirement that the name server behind the firewall needs to be addressable from outside the firewall. The reason is that the firewall itself is already a name server and if I divert dns packets, the firewall name server will be bypassed. Thanks, /Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37C71BA3.AF304DE>