1. You need to have an inbound tunnel similar to:

Inbound Tunnels
Protocol From IP Address      Port  To IP Address        Port  Options
-------- -------------------- ----- -------------------- ----- -----------
UDP      EXTERNAL             53    W.X.Y.Z              53    filter

Where W.X.Y.Z is the internal (real) IP Address of your DNS Server.
The "Filter" option (a checkmark in the "Automatic Accept All Filter"
box when you create the tunnel) tells the GNAT Box to allow everyone
to access this tunnel.

If your ISP hosts your secondary DNS, then you may also want a tunnel
similar to:

Inbound Tunnels
Protocol From IP Address      Port  To IP Address        Port  Options
-------- -------------------- ----- -------------------- ----- -----------
TCP      EXTERNAL             53    W.X.Y.Z              53

You don't want to use the "Automatic Accept All" filter with this tunnel.
Instead, you should create a Remote Access Filter that only allows your
ISP to access TCP port 53 on your external interface.
This will allow your ISP to do zone transfers to update the secondary
DNS server.

2. a) Remove the "allow any/all" Outbound filter
   b) Create a "deny any/all" Outbound filter
   c) Create individual filters that allow the Outbound
      traffic that you want to allow, and put those
      ahead of the "deny any/all" Outbound filter.

Mike Burden
Lynk Systems
http://www.lynk.com
(616)532-4985
[EMAIL PROTECTED]
> -----Original Message-----
> From: Tarun Kumar Singh [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, September 29, 2002 9:33 PM
> To: [EMAIL PROTECTED]
> Subject: [gb-users] How to Installed DNS Server in PSN ?
>
>
> Hi There,
>
> I am using a GB-1000 Firewall and have 2 questions; if possible please help
> me.
>
> 1: How to install a DNS server in PSN (I already installed a DNS server and
> opened port 53 for the outside network, but I think it's not working. Please
> let me know where I am wrong; the same server works fine without the firewall.)
>
> 2: How to close excessive and unnecessary outgoing services (below is a
> copy of my DMZ rules)
>
>
> 3
> ANY_IP
> ANY_IP
> ALL
> Accept information "DMZ"
> This is a default outbound filter which allows all IP addresses on "DMZ"
> network to access any IP address and any service external to "DMZ" network.
>
> I would really appreciate it if someone could help me with this issue.
>
> Thanks,
>
> --Tarun
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> To subscribe to the digest version first unsubscribe, then
> e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> Archive of the last 1000 messages:
> http://www.mail-archive.com/[email protected]
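
Added example, not part of the original messages and not GNAT Box configuration syntax: a small Python model of the filter ordering described in the reply above, showing why the allow filters must sit ahead of the "deny any/all" filter and how the restricted TCP 53 access behaves. It assumes filters are evaluated top to bottom with the first match deciding and that unmatched traffic is refused; all addresses are constructed placeholders.

```python
from ipaddress import ip_address, ip_network

ANY_NET = "0.0.0.0/0"

def evaluate(filters, proto, src, dport):
    """Return (action, position) of the first filter matching the packet."""
    for pos, (action, f_proto, f_src, f_port) in enumerate(filters, start=1):
        if (f_proto in ("ANY", proto)
                and ip_address(src) in ip_network(f_src)
                and f_port in (None, dport)):
            return action, pos
    return "deny", None  # assumption: unmatched traffic is refused

def shadowed(filters):
    """Positions of filters placed after a catch-all, which can never match."""
    for pos, (_, f_proto, f_src, f_port) in enumerate(filters, start=1):
        if f_proto == "ANY" and f_src == ANY_NET and f_port is None:
            return list(range(pos + 1, len(filters) + 1))
    return []

DNS_SERVER = "192.0.2.53/32"        # constructed stand-in for W.X.Y.Z
ISP_SECONDARY = "198.51.100.10/32"  # constructed stand-in for the ISP's server

# The default outbound filter quoted in the question: everything is accepted.
DEFAULT_OUTBOUND = [("accept", "ANY", ANY_NET, None)]

# Step 2 of the reply: specific allows first, "deny any/all" last.
HARDENED_OUTBOUND = [
    ("accept", "UDP", DNS_SERVER, 53),
    ("accept", "TCP", DNS_SERVER, 53),
    ("deny", "ANY", ANY_NET, None),
]

# The same filters with the deny placed first: the allows are unreachable.
MISORDERED_OUTBOUND = [HARDENED_OUTBOUND[2], *HARDENED_OUTBOUND[:2]]

# Step 1 of the reply: UDP 53 open to everyone, TCP 53 only to the ISP.
INBOUND_PORT_53 = [
    ("accept", "UDP", ANY_NET, 53),
    ("accept", "TCP", ISP_SECONDARY, 53),
]

if __name__ == "__main__":
    for name, rules in [("default", DEFAULT_OUTBOUND),
                        ("hardened", HARDENED_OUTBOUND),
                        ("misordered", MISORDERED_OUTBOUND)]:
        print(name, "DMZ host -> TCP 6667:", evaluate(rules, "TCP", "192.0.2.80", 6667))
        print(name, "DNS server -> UDP 53:", evaluate(rules, "UDP", "192.0.2.53", 53))
        print(name, "unreachable filters:", shadowed(rules))
    print("inbound TCP 53 from other host:",
          evaluate(INBOUND_PORT_53, "TCP", "203.0.113.5", 53))
```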