Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] NG AI and DNS drops

To: [email protected]
Subject: Re: [FW-1] NG AI and DNS drops
From: Edwin Davidson <[email protected]>
Date: Thu, 31 Jul 2003 12:15:17 -0500
Importance: Normal
In-reply-to: <8AF1544349A828419C96A6D248249D4906066CAD@fcexpress.franklincovey.com>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

DNS servers on the LAN are NATTed for HIDE behind the
firewall's IP.   DNS replies are sent to the firewall
because the external servers see the firewall's IP address
in the DNS request.  Since this is UDP, there is one packet
from the internal DNS server -> FW1 -> external DNS server, then
there is a packet from external DNS server -> FW1 -> internal DNS.

I am guessing the drops are due to UDP timeouts- but I am not sure
how to tell.  I am not sure how to "dump the traffic."  I can use
Ethereal, but what would I be looking for? The UDP reply packet
is probably fine.  Does the Firewall send out another packet that
I can capture when it DROPS a UDP packet?  I didn't think it did.?

Or is there a better way to diagnose this?

Thanks!


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: 2003, July 31, Thursday 10:50 AM
To: [email protected]
Subject: Re: [FW-1] NG AI and DNS drops


How is your DNS setup?  Internal servers that forward to an external DNS?
If so, why would DNS requests be sent to the firewall?  Have you dumped on
the traffic to confirm where the dropped queries are going?

-Aaron


http://www.primeinc.com
**********************************************************************
This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity to
whom they are addressed.  If you have received this email
in error please reply to the sender of the message.

The views expressed in this correspondence may not
reflect the views of Prime, Inc.

This footnote also confirms that this email message has
been scanned for the presence of computer viruses.
**********************************************************************

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] NG AI and DNS drops
  - From: Crist Clark <[email protected]>

References:
- Re: [FW-1] NG AI and DNS drops
  - From: [email protected]

Prev by Date: Re: [FW-1] Armoring AIX/Win/Linux/Solaris for NG
Next by Date: Re: [FW-1] Management NG AI - Module 4.1
Previous by thread: Re: [FW-1] NG AI and DNS drops
Next by thread: Re: [FW-1] NG AI and DNS drops
Index(es):
- Date
- Thread