RE: [fw1-wizards] RE: [FW1] dnsinfo
In fact, what I am trying to do is eliminate the hosts file I have to update manually for my VPN users. I want users to use the same internal address, like: www.intranet. But it still fails. I added this to dnsinfo.C, and this is supposed to modify the LMhosts or hosts file of VPN users:

:LMdata (
    : (
        :ipaddr(W.Z.16.9)
        :name(dctidgaron)
        :domain(mtq.gouv.qc.ca)
    )
    : (
        :ipaddr(W.U.16.8)
        :name(sgetweb)
        :domain(mtq.gouv.qc.ca)
    )
)

But it does not work. Here is my complete dnsinfo.C file. What am I doing wrong? I also added the line "#define ENCDNS" to /etc/fw/lib/crypt.def. And I created the file /etc/fw/database/users.C; I attach it to this message. And last, I reinstalled the rules. Maybe I have to reboot the server or the fw service?

-----Original Message-----
From: Greg Polanski [mailto:[email protected]]
Sent: February 2, 2001 12:49
To: Garon, Denis
Subject: Re: [fw1-wizards] RE: [FW1] dnsinfo

Looks good. Here is a working example

greg

nyland# cat dnsinfo.C
(
    :dns_servers (
        : (ingate3.adc.com.mplsgateways
            :obj (
                : (155.226.44.200)
            )
            :topology (
                : (
                    :ipaddr (155.226.0.0)
                    :ipmask (255.255.0.0)
                )
            )
            :domain (
                : (
                    :dns_label_count (6)
                    :domain (.adc.com)
                )
                : (
                    :dns_label_count (6)
                    :domain (.kentrox.com)
                )
            )
        )
        : (ingate.adc.com.mplsgateways
            :obj (
                : (155.226.10.200)
            )
            :topology (
                : (
                    :ipaddr (155.226.0.0)
                    :ipmask (255.255.0.0)
                )
                : (
                    :ipaddr (146.71.0.0)
                    :ipmask (255.255.0.0)
                )
                : (
                    :ipaddr (10.0.0.0)
                    :ipmask (255.240.0.0)
                )
                : (
                    :ipaddr (10.64.0.0)
                    :ipmask (255.240.0.0)
                )
                : (
                    :ipaddr (10.128.0.0)
                    :ipmask (255.240.0.0)
                )
            )
            :domain (
                : (
                    :dns_label_count (6)
                    :domain (.adc.com)
                )
                : (
                    :dns_label_count (6)
                    :domain (.kentrox.com)
                )
                : (
                    :dns_label_count (6)
                    :domain (.newnet.com)
                )
                : (
                    :dns_label_count (6)
                    :domain (.basystems.com)
                )
                : (
                    :dns_label_count (6)
                    :domain (.centigram.com)
                )
                : (
                    :dns_label_count (6)
                    :domain (.pairgain.com)
                )
            )
        )
        : (sstodd01.tor.ssd.adc.com.sstopa05
            :obj (
                : (10.2.3.11)
            )
            :topology (
                : (
                    :ipaddr (155.226.0.0)
                    :ipmask (255.255.0.0)
                )
                : (
                    :ipaddr (10.0.0.0)
                    :ipmask (255.240.0.0)
                )
                : (
                    :ipaddr (10.64.0.0)
                    :ipmask (255.240.0.0)
                )
                : (
                    :ipaddr (10.128.0.0)
                    :ipmask (255.240.0.0)
                )
            )
            :domain (
                : (
                    :dns_label_count (6)
                    :domain (.adc.com)
                )
                : (
                    :dns_label_count (6)
                    :domain (.kentrox.com)
                )
            )
        )
    )
    :encrypt_dns (true)
)
nyland#

"Garon, Denis" wrote:
>
> If I have multiple IP networks, do I have to show them like this in dnsinfo.C?
>
> :topology (
>     : (
>         :ipaddr (X.Y.0.0)
>         :ipmask (255.255.0.0)
>     )
>     : (
>         :ipaddr (10.Z.0.0)
>         :ipmask (255.255.0.0)
>     )
>     : (
>         :ipaddr (10.W.0.0)
>         :ipmask (255.255.0.0)
>     )
> )
>
> I see nothing on this in the documentation.
> Thanks
>
> -----Original Message-----
> From: Gregor Munro [mailto:[email protected]]
> Sent: January 29, 2001 14:27
> To: Idan Dolev; Firewall_Mailing_List (E-mail); Firewall (E-mail)
> Subject: [fw1-wizards] RE: [FW1] dnsinfo
>
> Idan,
>
> be VERY careful with the placement of spaces etc. Also, what is the client
> that you are using? Win 9x or later? There is a different LMData portion
> required for win9x clients (that is undocumented). If any part of the file
> is wrong, then you will not be able to get it working. Please review the
> attached excerpt from my earlier post which I've included again so that
> others out there still asking the same question can find an answer.
>
> PS to everyone out there... there are a number of searchable and browseable
> archives of this mailing list. It's a good place to start *before* posting
> the same questions again and again. A couple of these are:
> Daniel Kim's - http://msgs.securepoint.com/cgi-bin/get/fw1.html (browseable)
>              - http://search.securepoint.com/
> TSG's        - http://www.shmoo.com/mail/fw1/
>
> Enjoy !
> Cheers
> Greg
>
> ---[snip]---
> The use of :domain label in the dnsinfo.C file is only for the Windows NT
> clients.
>
> To quote the Public Configuration Document
>
> "To solve the issue of browsing with a Win98 client, we previously had to
> manually add an LMHOSTS entry to the clients:
> 10.10.1.10 "PDC-KIRK       \0x1b" #PRE
>
> This entry is only required to allow Win98 clients to browse in Network
> Neighborhood; however, they can still authenticate and browse by Universal
> Naming Convention (UNC) when it is not used. WinNT clients do not require
> this entry.
>
> This entry in the LMHOSTS file is required for Win98 clients to locate the
> domain master browser for retrieval of a resource list - THIS IS ALWAYS THE
> PDC. The name must be padded out to 15 characters with spaces and contained
> in double-quotes as shown above. Appended to the padded name is a hex
> character \0x1b that notifies our client this name is a domain master
> browser. Be sure to add the #PRE tag to store this in the NetBIOS name cache
> or this will not work. "
>
> But if you have SP2 and configure it as per my earlier email, you don't have
> to manually configure each win 98/95 workstation as it will be done whenever
> the topology is updated.
>
> So the Anatomy of the dnsinfo.C file for LMHOSTS is as follows:
>
> (
>  ^Required at the top of the file.
>
>     :LMdata (
>      ^Section Label (note the lowercase 'd' and the whitespace after the
>       label).
>
>         : (
>          ^Required LMHOSTS entry (note the whitespace after the colon)
>
>             :ipaddr (10.0.0.1)
>              ^IP address of the PDC (note the whitespace)
>
>             :name (MERLIN)
>              ^Name of the PDC
>
>             :domain (ROUNDTABLE) (note the whitespace)
>              ^Name of the Domain that this is the PDC for (note the
>               whitespace)
>
>         )
>          ^Required end of the definition for this LMHOSTS entry
>
>         : (
>          ^Required for Win95/98 clients (note the whitespace after the
>           colon)
>
>             :ipaddr (10.0.0.1)
>              ^IP Address of the PDC (note the whitespace)
>
>             :name (MERLIN)
>              ^Name of the PDC (note the whitespace)
>
>         )
>          ^Required end of the definition for this LMHOSTS entry for
>           Win95/98 clients
>
>     )
>      ^Required - ends the LMdata section
>
> )
>  ^Required at bottom of file.
> ---[End of snip]---
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of Idan Dolev
> Sent: Tuesday, 30 January 2001 5:26 a.m.
> To: Firewall_Mailing_List (E-mail); Firewall (E-mail)
> Subject: [FW1] dnsinfo
>
> Guys,
>
> I am able to see my LMhost file updated but my hosts file stays the same. Is
> it supposed to get updated from my dns server? What exactly is supposed to be
> written there?
>
> (
>     :dns_servers (
>         : (spock.firewall
>             :obj (
>                 : (10.10.1.100)
>             )
>             :topology (
>                 : (
>                     :ipaddr (10.10.1.0)
>                     :ipmask (255.255.255.0)
>                 )
>             )
>             :domain (
>                 : (
>                     :dns_label_count (3)
>                     :domain (.xpert.com)
>                 )
>             )
>         )
>     )
>     :encrypt_dns (true)
>     :LMdata (
>         : (
>             :ipaddr (192.168.0.200)
>             :name (PDC-KIRK)
>             :domain (AD)
>         )
>         : (
>             :ipaddr (10.10.1.20)
>             :name (BDC-SPOCK)
>             :domain (DOM-NCC1701)
>         )
>     )
> )
> ~
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
> ---------------------------------------------------------------------
> This email came from the FireWall-1 Wizards Mailing List
> To unsubscribe, e-mail: [email protected]
> For more information, email: [email protected]

--
_______________________________________________________________
Greg Polanski mailto:[email protected]
ADC Telecommunications, IncMSFAX PO Box 1pager Minneapolis, MN [email protected]
_______________________________________________________________

Attachment: dnsinfo.C
Attachment: userc.C
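
Added example, not part of the original thread: a small Python check for the spacing conventions called out in the quoted dnsinfo.C anatomy, run against the LMdata block posted at the top of this message, plus a builder for the padded Win9x LMHOSTS line described in the quoted configuration document. Treating glued labels as errors is an assumption drawn from the thread's warning about spaces; the function names are illustrative.

```python
import re

# Label glued to its value, e.g. ":ipaddr(10.0.0.1)" instead of ":ipaddr (10.0.0.1)".
GLUED_LABEL = re.compile(r":(\w+)\(")
# Entry opener without the space after the colon, i.e. ":(" instead of ": (".
GLUED_COLON = re.compile(r":\(")

def lint_dnsinfo(text):
    """Return (line_number, message) findings for a dnsinfo.C body."""
    findings, depth = [], 0
    for n, line in enumerate(text.splitlines(), 1):
        for m in GLUED_LABEL.finditer(line):
            findings.append((n, f"no whitespace after label :{m.group(1)}"))
        if GLUED_COLON.search(line):
            findings.append((n, "no whitespace after ':' in entry opener"))
        if ":LMData" in line:
            findings.append((n, "anatomy writes the label as :LMdata (lowercase 'd')"))
        for ch in line:
            depth += (ch == "(") - (ch == ")")
            if depth < 0:  # a ')' with no matching '('
                findings.append((n, "unexpected ')'"))
                depth = 0
    if depth:
        findings.append((0, f"{depth} unclosed '('"))
    return findings

def lmhosts_master_browser(ip, pdc_name):
    """Win9x LMHOSTS line: name padded to 15 chars, then \\0x1b, then #PRE."""
    if len(pdc_name) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    return f'{ip} "{pdc_name.ljust(15)}\\0x1b" #PRE'

# LMdata block exactly as posted at the top of this message.
POSTED = """:LMdata (
: (
:ipaddr(W.Z.16.9)
:name(dctidgaron)
:domain(mtq.gouv.qc.ca)
)
: (
:ipaddr(W.U.16.8)
:name(sgetweb)
:domain(mtq.gouv.qc.ca)
)
)"""

# Same block with the label spacing shown in the quoted anatomy.
SPACED = GLUED_LABEL.sub(r":\1 (", POSTED)

if __name__ == "__main__":
    for n, msg in lint_dnsinfo(POSTED):
        print(f"line {n}: {msg}")
    print(lmhosts_master_browser("10.10.1.10", "PDC-KIRK"))
```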