From owner-freebsd-security  Wed Dec 26 13:22:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web11802.mail.yahoo.com (web11802.mail.yahoo.com [216.136.172.156])
	by hub.freebsd.org (Postfix) with SMTP id 02A6D37B416
	for <security@freebsd.org>; Wed, 26 Dec 2001 13:22:08 -0800 (PST)
Message-ID: <20011226212207.32187.qmail@web11802.mail.yahoo.com>
Received: from [64.73.64.94] by web11802.mail.yahoo.com via HTTP; Wed, 26 Dec 2001 13:22:07 PST
Date: Wed, 26 Dec 2001 13:22:07 -0800 (PST)
From: X Philius <xphilius@yahoo.com>
Reply-To: xphilius@yahoo.com
Subject: Re: Help with ipfw rules to allow DNS queries through
To: security@freebsd.org, "Timothy S. Bowers" <tim@nol.co.za>
In-Reply-To: <5.0.2.1.2.20011226230046.01470180@nol.co.za>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Timothy and others,
Nope, I have my own internal and external IP. As far as I understand
it, the NAT rules are set up with a minimum of complexity, and should
just translate everything in both directions between my internal and
external addresses. I have a good working relationship with our IS guy
who manages the router, so if I need to make a change on the router I
probably can, but as far as I understand the NAT should not be
interfering with anything.

Jason

--- "Timothy S. Bowers" <tim@nol.co.za> wrote:
> I don't think you can use DNS behind NAT.  Remember all of the
> internal machines behind the NAT cisco router will be using the same
> 1 external IP. ...unless it was specificaly set up so that your
> certain IP will get its own external IP.
> 
> So in short.. it won't work with any ipfw settings.. you will have to
> play with the cisco router! :)
> 
> hope this helps you.
> 
> Timothy

__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message