Date: Tue, 12 Aug 1997 22:46:39 -0400 (EDT)
From: Charles Owens <owensc@enc.edu>
To: questions list FreeBSD <freebsd-questions@freebsd.org>
Subject: fw natd and failed double reverse DNS lookups
Message-ID: <Pine.BSF.3.95q.970812222802.22675B-100000@itsdsv2.enc.edu>

Greetings,

I've been digging into the ins and outs of ipfw and natd of late, and have come to a point of confusion regarding ftp servers doing reverse DNS lookups:

Consider a configuration where natd on a firewall server provides the NAT function between a private network and the Internet. Suppose a client on the private net opens an ftp connection to an ftp server on the Internet. Thanks to natd, is it not true that the ftp server will be 100% convinced that the ftp client is the firewall _itself_? And, that, if proper forward and reverse DNS records exist for the firewall, if the server insists on doing double reverse DNS lookups it will be satisfied?

This makes pretty clear sense to me... am I missing something? If so, what is the optimum way to satisfy these reverse lookups in the NAT situation I describe?

I thought that I had this all sorted out, but in my testing I've run across some ftp sites (ftp.tis.com, for example) for which connections from my NAT'd clients fail, with the server claiming that reverse lookups failed.

Thanks,

---
-------------------------------------------------------------------------
Charles N. Owens
Network & Systems Administrator
Information Technology Services
Eastern Nazarene College
Email: owensc@enc.edu
http://www.enc.edu/~owensc

"Outside of a dog, a book is a man's best friend. Inside of a dog it's too dark to read." - Groucho Marx
-------------------------------------------------------------------------
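
The double reverse lookup the message refers to, as an added example that is not part of the original post: the server takes the peer address it sees on the connection, resolves it to a name (PTR), resolves that name forward again, and accepts only if the original address is among the results. The addresses, hostnames and the injectable `reverse`/`forward` lookup functions are constructed for illustration so the check can be run offline against sample zone data.

```python
import socket

def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Address lookup via the system resolver; returns a set of addresses."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def double_reverse_check(peer_ip, reverse=system_reverse, forward=system_forward):
    """Return (ok, detail) for the address the server sees on the socket."""
    name = reverse(peer_ip)
    if not name:
        return False, "no PTR record for " + peer_ip
    addrs = forward(name)
    if not addrs:
        return False, name + " has no address records"
    if peer_ip not in addrs:
        return False, name + " does not resolve back to " + peer_ip
    return True, name

# Constructed sample zone data (documentation addresses, hypothetical names).
PTR = {
    "192.0.2.1": "fw.example.edu",      # NAT firewall: PTR and A agree
    "192.0.2.2": "gw.example.edu",      # PTR exists, A points elsewhere
    "192.0.2.3": "orphan.example.edu",  # PTR exists, no A record at all
}
A = {
    "fw.example.edu": {"192.0.2.1"},
    "gw.example.edu": {"192.0.2.99"},
}

def sample_reverse(ip):
    return PTR.get(ip)

def sample_forward(name):
    return A.get(name, set())

if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"):
        print(ip, double_reverse_check(ip, sample_reverse, sample_forward))
```

Calling `double_reverse_check` with only an address uses the system resolver, which is a quick way to test a firewall's public address from outside the private network.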