After further reading in the comp.security.firewalls news group, it looks
like this list might provide a more immediate solution to my particular
problems with Gauntlet 5.0.
Merton Campbell Crockett
---------- Forwarded message ----------
Date: Sun, 26 Dec 1999 11:54:21 -0800
From: Merton Campbell Crockett <[EMAIL PROTECTED]>
Newsgroups: comp.security.firewalls
Subject: Gauntlet 5.x "host=nodnsquery" Question
A customer had another contractor upgrade his firewall to Gauntlet 5.0 last
week. This is a temporary upgrade to an Intel-based system running BSD/OS
pending delivery of hardware and software from Sun Microsystems. As this
upgrade is temporary, no documentation was provided by the contractor.
While the contractor did incorporate the rules and policies from Gauntlet
4.1, there is one significant difference that was not detected during the
installation of the upgrade. The firewall no longer performs an inverse, or
reverse, DNS query.
For political reasons, the customer doesn't have all of his desktop systems
listed in the DNS. Prior to the upgrade, the messages log would record the
connections as
connect host=unknown/999.999.999.999
or
connect host=HOST.SOME.DOMAIN/999.999.999.999
It now records the connections as follows.
connect host=nodnsquery/999.999.999.999
This creates a problem with the new version of smap included in Gauntlet 5.0
as its anti-relay features now drop all mail from the internal mail hub as
the relay rules are based on domain names.
I need to get the old DNS lookup behaviour back. Can someone tell me where
within gauntlet-admin this is configured? (Did I fail to mention that the
source code wasn't included in the upgrade, so I can't find what flag is
being used to disable the DNS lookup?)
This is somewhat critical. :-) If you happen to have the answer, I would
really appreciate it if you would send mail to me directly in addition to
posting to the newsgroup.
Merton Campbell Crockett
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
