You want to use the Sonicwall WAN IP as one DNS server (routing all DNS traffic to a private LAN IP), and then a 1-to-1 NAT'd address as a second DNS server? I'm not sure you are allowed to do that. Are you trying to do that because you don't have enough Public IPs to do enough 1-to-1 NAT to serve all your needs?

If you have enough Public IPs (you need three. One for the Sonicwall, and one for each DNS server), do enough 1-to-1 NAT so two LAN side private IPs can seem like they have their own Public IPs. After the 1-to-1 NAT is all set up, make your rule. Rule should be...
Allow DNS from WAN [*, ] to LAN [192.169.0.2 - 192.169.0.3]

I hope I'm helping and not adding more confusion.

-Curtis

----- Original Message -----
From: John Tolmachoff <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 11, 2002 1:13 AM
Subject: RE: [SonicWALL]- Multiple internal servers

> But how do you apply a rule to only one IP assigned of multiple IPs to the WAN port of the Sonicwall? It seems it only specifies destination and origin, not through.
>
> Example: DNS1 -- 5.5.5.1 -- rule1 -- 192.168.0.1
>          DNS2 -- 5.5.5.2 -- rule2 -- 192.169.0.2
> 5.5.5.1 is WAN IP of Sonicwall
> 5.5.5.2 is 1-1 NAT to 192.168.0.2
>
> How does the SonicWall know to use rule1 for 5.5.5.1 and rule2 for 5.5.5.2, both rules being DNS Query?
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA 92835
> www.reliancesoft.com
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Todd Holt
> Sent: Friday, May 10, 2002 8:43 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SonicWALL]- Multiple internal servers
>
> In addition, you should probably specify in your rule only allow DNS (port 53).
>
> Todd
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> Sent: Friday, May 10, 2002 9:51 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SonicWALL]- Multiple internal servers
>
> Use the internal address of the server to specify rules for the NAT'd IP as well. If your internal is 192.168.0.5 and the NAT is 204.56.0.5 then in your rule specify ALLOW from Anywhere to access port X on 192.168.0.5
>
> http://www.iana.org/assignments/port-numbers
>
> Also if you do a search on the MS knowledge base they usually have all port numbers for whatever product you're searching on.
>
> Cavell McDermott
> Domino Admin
> APW Ltd. - Texas Campus
> 214-343-1400 - Main
> 214-355-2022 - Direct
> 214-341-9950 - Fax
> http://www.apw.com
>
> "John Tolmachoff" <jtolmachoff@reliancesoft.com>
> Sent by: sonicwall-owner@peake.com
> 05/10/2002 09:26 AM
> Please respond to sonicwall
> To: <[EMAIL PROTECTED]>
> cc:
> Subject: RE: [SonicWALL]- Multiple internal servers
>
> But how do you specify which public IP for which rule? When you create a service rule, it only specifies destination and origin. Or did I miss something?
>
> SonicWall Pro.
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA 92835
> www.reliancesoft.com
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dude, Curtis
> Sent: Friday, May 10, 2002 6:42 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [SonicWALL]- Multiple internal servers
>
> I use One-to-One NAT, and it works great. Bypass rules? No Way. Rules work in this scenario, or I would be toast by now. I have DNS servers, Web Servers, Mail Servers etc...
>
> -Curtis
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff
> Sent: Friday, May 10, 2002 9:36 AM
> To: [EMAIL PROTECTED]
> Subject: [SonicWALL]- Multiple internal servers
>
> I have a client that has two DNS servers on the internal LAN that need to be able to answer Internet DNS queries. How can you set up 2 servers to answer on the same port number? They have multiple public IP addresses.
>
> I know I could set up one to one NAT, but doesn't that bypass rules, allowing all traffic?
>
> John Tolmachoff
> IT Manager, Network Engineer
> RelianceSoft, Inc.
> Fullerton, CA 92835
> www.reliancesoft.com

---
[This E-mail scanned for viruses by Declude/F-Prot AV]

To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name
The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
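Added example, not part of the original thread and not SonicWALL code: a simplified model of the behaviour the replies describe, where a 1-to-1 NAT mapping only translates the destination and the access rule, written against the internal address, still decides what gets through. The 5.5.5.2 to 192.168.0.2 mapping is the one quoted in the thread; the 5.5.5.3 to 192.168.0.3 mapping, the default-deny for unmatched WAN-to-LAN traffic, and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address

# 1-to-1 NAT table: public IP -> private IP.
# 5.5.5.2 -> 192.168.0.2 comes from the thread; the second pair is constructed.
ONE_TO_ONE_NAT = {
    ip_address("5.5.5.2"): ip_address("192.168.0.2"),
    ip_address("5.5.5.3"): ip_address("192.168.0.3"),
}

# Rules name the private (post-NAT) destination, as the replies advise.
# (action, protocols, destination port, first private IP, last private IP)
RULES = [
    ("allow", {"udp", "tcp"}, 53,
     ip_address("192.168.0.2"), ip_address("192.168.0.3")),
]
DEFAULT_ACTION = "deny"  # assumption: unmatched WAN -> LAN traffic is dropped


def evaluate(dst_public, proto, dst_port):
    """Return (action, private destination) for a packet arriving from the WAN."""
    private = ONE_TO_ONE_NAT.get(ip_address(dst_public))
    if private is None:
        return DEFAULT_ACTION, None  # no mapping, so no internal host to reach
    for action, protos, port, first, last in RULES:
        if proto in protos and dst_port == port and first <= private <= last:
            return action, str(private)
    return DEFAULT_ACTION, str(private)  # NAT'd, but no rule lets it through


def exposed_services(ports):
    """List every (public IP, protocol, port) the rule set lets in from the WAN."""
    found = []
    for public in ONE_TO_ONE_NAT:
        for proto in ("tcp", "udp"):
            for port in ports:
                if evaluate(str(public), proto, port)[0] == "allow":
                    found.append((str(public), proto, port))
    return found


if __name__ == "__main__":
    print(evaluate("5.5.5.2", "udp", 53))   # DNS query to the NAT'd address
    print(evaluate("5.5.5.2", "tcp", 80))   # same host, port with no rule
    print(exposed_services([25, 53, 80, 3389]))
```

Running exposed_services over the ports you care about is a quick way to confirm that adding a NAT mapping did not open anything beyond port 53.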
