After doing a major revamp of my firewall rulebase, I was having problems having my internal DNS server resolve some names. I ran Sniffer on the segment between the firewall and our ISP's router, and was amazed to see the internal source address of the DNS server being used! Since our internal network uses RFC1918 reserved addresses, I had defined static NAT entries for the DNS servers. Even more interesting is the fact that sometimes the firewall DID translate!
For example, we set up the NAT rules as follows:

               Original Packet            Translated Packet
  Source   Destination  Service   Source    Destination  Service   Install On
  DNS-int  Any          Any       DNS-ext   Original     Original  FW-Svr
  Any      DNS-ext      Any       Original  DNS-int      Original  FW-Svr
What was interesting was:

1. Packets from DNS-int to our ISP's DNS servers did not have the source address translated. The sniffer saw the source as DNS-int.
2. Packets from DNS-int to other DNS servers did have the source address translated. The sniffer saw the source as DNS-ext.
3. Another internal DNS server always translated, no matter which destination DNS servers it was trying to access!
Later the same day (with no firewall reloads), the problem mysteriously went away!

We are currently running FW-1 4.0 SP2 on NT 4.0 SP6a. Has anyone experienced anything like this, and can explain what may have been happening? I cannot determine how FW-1 would sometimes translate and sometimes not, depending on the destination, when the only NAT rules I have applying to the internal server say "Any" for a destination.

In short, I'm okay now, but I want to understand what happened, so I can prevent it from happening again. Thanks in advance.
Ray Lodato
NEF Information Services
617-578-3197
[EMAIL PROTECTED]
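As an added illustration (not part of the original post or of FW-1), the script below applies the same check the poster did with a sniffer to a constructed capture taken on the outside segment: it flags packets that still carry an RFC1918 source address, and summarises per destination whether a given internal host showed up translated, untranslated, or both. All addresses are made up, and the one-record-per-line "src dst dport" format is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of records sniffed between the firewall and the ISP router.
# 10.1.1.5 plays DNS-int, 203.0.113.20 its static NAT address DNS-ext; 10.1.1.6
# is the second internal server whose NAT address is 203.0.113.21 (all made up).
CAPTURE = """\
10.1.1.5       198.51.100.10  53
203.0.113.20   192.0.2.53     53
10.1.1.5       198.51.100.10  53
203.0.113.20   198.51.100.10  53
203.0.113.21   198.51.100.10  53
203.0.113.21   192.0.2.53     53
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls inside one of the RFC1918 reserved ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_capture(text):
    """Turn 'src dst dport' lines into (src, dst, dport) tuples, skipping blanks."""
    records = []
    for line in text.splitlines():
        if line.strip():
            src, dst, dport = line.split()
            records.append((src, dst, int(dport)))
    return records


def find_nat_leaks(records):
    """Count packets seen outside the firewall with an untranslated private source."""
    leaks = defaultdict(int)
    for src, dst, _ in records:
        if is_private(src):
            leaks[(src, dst)] += 1
    return dict(leaks)


def translation_by_destination(records, internal, external):
    """For one host, list per destination whether it appeared translated,
    untranslated, or both (the 'sometimes' behaviour described in the post)."""
    seen = defaultdict(set)
    for src, dst, _ in records:
        if src == internal:
            seen[dst].add("untranslated")
        elif src == external:
            seen[dst].add("translated")
    return {dst: sorted(states) for dst, states in seen.items()}
```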
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================