On Mon, Mar 20, 2006 at 02:43:32PM -0800, Gustavo A. Baratto wrote:
> We have two firewalls (FW1 and FW2) in different locations, just connected
> to each other through the internet... We are running a DNS server (DNS1)
> inside just FW1. And later on a DNS2 will be inside FW2.
> FW2 is ready, and the IP for DNS2 is already assigned... So, while DNS2
> server is not ready, is it possible to setup FW2, so DNS queries from the
> external world can be redirected to DNS1?
>
> It would be basically an rdr reflection on the external interface, but the
> manual is clear this can't be accomplished... Is there any other way though?

Hi,

You have to get packets with a public IP in their header from network 1 to
network 2. My knee-jerk reaction is to suggest a VPN from FW2 to FW1 and
route packets via the VPN. This will be kind of kludgy and require you set up
an IP alias (and bind the DNS server to) on DNS1 so it will answer the
packets bound for DNS2.

It's not worth the trouble if DNS2 is pretty close to ready though. And it
would be kind of ugly, given you'd have to do VPN stuff for public IPs and
all that.

--
adam
