[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [fw1-wizards] RE: [FW1] dnsinfo
In fact, what I try to do, is to eliminate the hosts file i got to update
manualy for my VPN users. I want users to use the same Internal address,
like : www.intranet
But still fail. I add this in dnsinfo.C, and this suppose to modify LMhosts
or hosts file of VPN users :
:LMdata (
: (
:ipaddr(W.Z.16.9)
:name(dctidgaron)
:domain(mtq.gouv.qc.ca)
)
: (
:ipaddr(W.U.16.8)
:name(sgetweb)
:domain(mtq.gouv.qc.ca)
)
)
But its not work. Here my complete dnsinfo.C file. What I'm doing wrong?
I also add this line "#define ENCDNS" to /etc/fw/lib/crypt.def. And I create
the file /etc/fw/database/users.C, I join it to this message.
And last, I reinstalled rules. Maybe i goto reboot the server or the fw
service????
-----Message d'origine-----
De : Greg Polanski [mailto:[email protected]]
Envoyé : 2 février, 2001 12:49
À : Garon, Denis
Objet : Re: [fw1-wizards] RE: [FW1] dnsinfo
Looks good. Here is a working example
greg
nyland# cat dnsinfo.C
(
:dns_servers (
: (ingate3.adc.com.mplsgateways
:obj (
: (155.226.44.200)
)
:topology (
: (
:ipaddr (155.226.0.0)
:ipmask (255.255.0.0)
)
)
:domain (
: (
:dns_label_count (6)
:domain (.adc.com)
)
: (
:dns_label_count (6)
:domain (.kentrox.com)
)
)
)
: (ingate.adc.com.mplsgateways
:obj (
: (155.226.10.200)
)
:topology (
: (
:ipaddr (155.226.0.0)
:ipmask (255.255.0.0)
)
: (
:ipaddr (146.71.0.0)
:ipmask (255.255.0.0)
)
: (
:ipaddr (10.0.0.0)
:ipmask (255.240.0.0)
)
: (
:ipaddr (10.64.0.0)
:ipmask (255.240.0.0)
)
: (
:ipaddr (10.128.0.0)
:ipmask (255.240.0.0)
)
)
:domain (
: (
:dns_label_count (6)
:domain (.adc.com)
)
: (
:dns_label_count (6)
:domain (.kentrox.com)
)
: (
:dns_label_count (6)
:domain (.newnet.com)
)
: (
:dns_label_count (6)
:domain (.basystems.com)
)
: (
:dns_label_count (6)
:domain (.centigram.com)
)
: (
:dns_label_count (6)
:domain (.pairgain.com)
)
)
)
: (sstodd01.tor.ssd.adc.com.sstopa05
:obj (
: (10.2.3.11)
)
:topology (
: (
:ipaddr (155.226.0.0)
:ipmask (255.255.0.0)
)
: (
:ipaddr (10.0.0.0)
:ipmask (255.240.0.0)
)
: (
:ipaddr (10.64.0.0)
:ipmask (255.240.0.0)
)
: (
:ipaddr (10.128.0.0)
:ipmask (255.240.0.0)
)
)
:domain (
: (
:dns_label_count (6)
:domain (.adc.com)
)
: (
:dns_label_count (6)
:domain (.kentrox.com)
)
)
)
)
:encrypt_dns (true)
)
nyland#
"Garon, Denis" wrote:
>
> If I have multiple IP Network, i goto to show it like this in dnsinfo.C ?
>
> :topology (
> : (
> :ipaddr (X.Y.0.0)
> :ipmask (255.255.0.0)
> )
> : (
> :ipaddr (10.Z.0.0)
> :ipmask (255.255.0.0)
> )
> : (
> :ipaddr (10.W.0.0)
> :ipmask (255.255.0.0)
> )
> )
>
> I see nothing on this in documentation
> Thanks
>
> -----Message d'origine-----
> De : Gregor Munro [mailto:[email protected]]
> Envoyé : 29 janvier, 2001 14:27
> À : Idan Dolev; Firewall_Mailing_List (E-mail); Firewall (E-mail)
> Objet : [fw1-wizards] RE: [FW1] dnsinfo
>
> Idan,
>
> be VERY careful with the placement of spaces etc. Also, what is the client
> that you are using? Win 9x or later? There is a different LMData portion
> required for win9x clients (that is undocumented). If any part of the file
> is wrong, then you will not be able to get it working. Please review the
> attached except from my earlier post which I've included again so that
> others out there still asking the same question can find an answer.
>
> PS to everyone out there... there are a number of searchable and
browseable
> archives of this mailing list. It's a good place to start *before* posting
> the same questions again and again. A couple of these are:
> Daniel Kim's - http://msgs.securepoint.com/cgi-bin/get/fw1.html
> (browseable)
> - http://search.securepoint.com/
> TSG's - http://www.shmoo.com/mail/fw1/
>
> Enjoy !
> Cheers
> Greg
>
> ---[snip]---
> The use of :domain label in the dnsinfo.C file is only for the Windows NT
> clients.
>
> To quote the Public Configuration Document
>
> "To solve the issue of browsing with a Win98 client, we previously had to
> manually add an LMHOSTS entry to the clients:
> 10.10.1.10 "PDC-KIRK \0x1b" #PRE
>
> This entry is only required to allow Win98 clients to browse in Network
> Neighborhood; however, they can
> still authenticate and browse by Universal Naming Convention (UNC) when it
> is not used. WinNT
> clients do not require this entry.
>
> This entry in the LMHOSTS file is required for Win98 clients to locate the
> domain master browser for retrieval of a resource list - THIS IS ALWAYS
THE
> PDC. The name must be padded out to 15 characters with spaces and
contained
> in double-quotes as shown above. Appended to the padded name is a hex
> character \0x1b that notifies our client this name is a domain master
> browser. Be sure to add the #PRE tag to store this in the NetBIOS name
cache
> or this will not work. "
>
> But if you have SP2 and configure it as per my earlier email. You dont
have
> to manually configure each win 98/95 workstation as it will be done
whenever
> the topology is updated.
>
> So the Anatomy of the dnsinfo.C file for LMHOSTS is as follows:
> >(
> ^Required at the top of the file.
> > :LMdata (
> ^Section Label (note the lowercase 'd' and the whitespace after
the
> label).
> > : (
> ^Required LMHOSTS entry (note the whitespace after the
> colon)
> > :ipaddr (10.0.0.1)
> ^IP address of the PDC (note the whitespace)
> > :name (MERLIN)
> ^Name of the PDC
> > :domain (ROUNDTABLE) (note the whitespace)
> ^Name of the Domain that this is the PDC for (note
> the whitespace)
> > )
> ^Required end of the definition for this LMHOSTS entry
> > : (
> ^Required for Win95/98 clients ( note the whitespace after
> the colon)
> > :ipaddr (10.0.0.1)
> ^IP Address of the PDC (note the whitespace)
> > :name (MERLIN)
> ^Name of the PDC (note the whitespace)
> > )
> ^Required end of the definition for this LMHOSTS entry for
> Win95/98
> clients
> > )
> ^Required - ends the LMdata section
> >)
> ^Required at bottom of file.
> ---[End of snip]---
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]]On Behalf Of Idan
> Dolev
> Sent: Tuesday, 30 January 2001 5:26 a.m.
> To: Firewall_Mailing_List (E-mail); Firewall (E-mail)
> Subject: [FW1] dnsinfo
>
> Guys,
>
> I am able to see my LMhost file updated but my hosts file stays the same,
is
> it suppose to get updated from my dns server,what excatly is suppose to be
> writen there ?
>
> (
> :dns_servers (
> : (spock.firewall
> :obj (
> : (10.10.1.100)
> )
> :topology (
> : (
> :ipaddr (10.10.1.0)
> :ipmask (255.255.255.0)
> )
> )
> :domain (
> : (
> :dns_label_count (3)
> :domain (.xpert.com)
> )
> )
> )
> )
> :encrypt_dns (true)
> :LMdata (
> : (
> :ipaddr (192.168.0.200)
> :name (PDC-KIRK)
> :domain (AD)
> )
> : (
> :ipaddr (10.10.1.20)
> :name (BDC-SPOCK)
> :domain (DOM-NCC1701)
> )
> )
> )
> ~
>
>
============================================================================
> ====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
> ====
>
> ---------------------------------------------------------------------
> This email came from the FireWall-1 Wizards Mailing List
> To unsubscribe, e-mail: [email protected]
> For more information, email: [email protected]
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
--
_______________________________________________________________
Greg Polanski mailto:[email protected]
ADC Telecommunications, IncMSFAX
PO Box 1pager
Minneapolis, MN [email protected]
_______________________________________________________________
Attachment:
dnsinfo.C
Description: Binary data
Attachment:
userc.C
Description: Binary data
