RE: Gauntlet Assistance

[Kyle Starkey <KSTARKEY () altera com>]

I am running the NT version of Gauntlet and I wanted to do DNS resolution on
the Firewall, in the logs, the support people told me to set up MSDNS on the
firewall itself... I did this and it still doesn't work.... the NT tech
support sucks so, I just wrote a script that does nslookup on all the
adresses after they come through the logs.... easier than having them
explain the DNS issue... if you are looking to do DNS between machines
behind the firewall and one outside the firewall, just do a packet filter
and make sure the filter originates from inside and has the "with reply"
option set, this should take care of it

-Kyle



-----Original Message-----
From: Shivdasani, Meenoo [mailto:Meenoo_Shivdasani () NAI com]
Sent: Thursday, September 09, 1999 7:00 AM
To: Tina Bird; firewall-wizards () nfr net
Subject: RE: Gauntlet Assistance



> Any one out there managed to use Gauntlet packet filters to pass UDP
> traffic (specifically,
> DNS) between interfaces?
>
> If so, can you provide any pointers?

Are you using the NT version or the Unix version?

If the Unix version, I'd recommend doing split DNS and running named on the
firewall itself.

If that's not an option, for whatever reason, you ought to be able to packet
filter the traffic, but if your internal addresses are not routeable you'll
need to add NAT into the picture.  That combo should work on both NT and
Unix.

M