List: ipfilter
Subject: BIND 9.2.0 behind IPF
From: barryc <barryc () rjlsystems ! com>
Date: 2002-04-26 13:19:42
I accidentally left the floppy at home that I tossed all of the pertinent config
files and test output, so this is going to be a little short on details. I can
post more detailed info this evening when I leave the office.
I have a Sparc 2 running OpenBSD 2.9 at home configured as a NATing firewall
thusly:
          168.103.54.200/29
             le0 (public)
                  |
         +--------+---------+
         |                  |
     le1 (DMZ)        le2 (private)
  192.168.0.1/24     192.168.1.1/24
The following two rules are in /etc/ipnat.rules
rdr le0 168.103.54.201/32 port 53 -> 192.168.0.30 port 53
rdr le2 168.103.54.201/32 port 53 -> 192.168.0.30 port 53
Every other service makes it through the firewall except DNS.
I was running IPF 3.4.21, and I just upgraded to 3.4.26. Still no joy.
In my testing, I replaced my ipf.rules with
pass in all
pass out all
under both versions of ipf, and saw the same behaviour.
Also, from a box on le2, I can do a
dig @192.168.0.30
and see the expected output, but a
dig @168.103.54.201
produces an error about "cannot find any servers" or some such.
As stated earlier, this is the only service which I can't access via the public
IP from le2.
I found the thread beginning here:
http://www.false.net/ipfilter/2000_09/0189.html
but it doesn't look like a resolution to his issue was ever posted.
Did I miss it someplace?
I'll post the testing output this evening after I get home from the office.
I just figured I'd post what I've got now...