Re: [FW1] Rule question



Derek,

It looks to me as though your DNS servers are sat on your internal network.
If they are then no connection from the internal DNS servers will pass
through the firewall to the Internal DNS servers. Your rule states, An
internal DNS wishing to connect to an Internal DNS server for DNS, Accept.

It is good practice to simplify your rule base, for performance, but take
care, you can't just eliminate common elements.

Steve.

----- Original Message -----
From: Derek J. Lambert <[email protected]>
To: fw-1-mailinglist (E-mail) <[email protected]>
Sent: Monday, February 26, 2001 12:56 PM
Subject: [FW1] Rule question


>
> I was trying to consolidate my rulebase this weekend and found that what I
> thought should work didn't. I'm probably missing something really simple
> here, but I can't find it. I pored through the manuals and couldn't find
> any help (surprise surprise), nor could I find anything on phoneboy. Any
> help would be greatly appreciated!
>
> Here are the objects I have defined (fake IPs of course):
>
> Type           Name        Data
> workstation    ns1         192.168.10.1/24
> workstation    ns2         192.168.10.2/24
> service group  DNS         dns-udp, dns-tcp
> host group     ns_servers  ns1, ns2
> network        outside     0.0.0.0/0
>
> Originally I had the following 2 rules defined to let dns traffic to
> specific hosts:
>
> Source      Dest        Service  Action
> ------      ----        -------  ------
> ns_servers  outside     DNS      Allow
> ------------------------------------------------
> outside     ns_servers  DNS      Allow
>
> I tried to merge this into one rule as:
>
> Source       Dest        Service  Action
> ------       ----        -------  ------
> ns_nservers  ns_servers  DNS      Allow
> outside      outside
>
> This caused all dns traffic to be dropped (per the last rule).
>
> Derek J. Lambert, MCSE, A+
> Network Administrator
> Columbia ParCar Corp.
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================


