/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
----- Original Message -----
From: "Larry Lamb" <[EMAIL PROTECTED]>
To: "'Felipe Vilarinho'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, February 12, 2001 5:20 PM
Subject: RE: [Masq] Firewall
> /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
> /* ALSO: Don't quote this header. It makes you look lame :-) */
>
>
> Change
>
> ipmasqadm portfw -a -P tcp -L $PUBLICIP 53 -R $LOCALIP 53
>
> To
>
> ipmasqadm portfw -a -P tcp -L $PUBLICIP 53 -R $LOCALIP 53
didn't you mean:
ipmasqadm portfw -a -P udp -L $PUBLICIP 53 -R $LOCALIP 53
>
>
> Why
>
> With DNS, TCP is used only for zone transfers, UDP is used for lookups.
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
> Of Felipe Vilarinho
> Sent: Monday, February 12, 2001 4:33 AM
> To: [EMAIL PROTECTED]
> Subject: [Masq] Firewall
>
>
> /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
> /* ALSO: Don't quote this header. It makes you look lame :-) */
>
>
> Hi everyone!
>
> I have a LAN that has a Firewall to distribute packets from the Internet
> over my LAN. The Firewall also masquerade the machines behind it. Now come
> my problem! Has it ANY possibilities of a DNS server that is behind the
> Firewall becomes public for the Internet? I do some experience about that
> but no one works. Some one can help me?
>
> My Firewall settings:
>
> ipchains -P forward DENY
> ipchains -A forward -j MASQ -s $LOCALNET -d $INTERNET -i eth0
> ipmasqadm portfw -f
> ipmasqadm portfw -a -P tcp -L $PUBLICIP 53 -R $LOCALIP 53
>
> _______________________________________________
> Masq maillist - [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/ --
> THIS INCLUDES UNSUBSCRIBING!
> or email to [EMAIL PROTECTED]
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
>
> _______________________________________________
> Masq maillist - [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/ --
> THIS INCLUDES UNSUBSCRIBING!
> or email to [EMAIL PROTECTED]
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
