Bind and Cisco Pix
David Hekimian
davidh at aqueduct.com
Fri Sep 7 14:35:28 UTC 2001
Turn logging on (from config mode "logging buffer 2") and check the logs to
see if there are any messages (use "sh logging" to display the buffer
messages).
This is an example of what to look for:
106001: Inbound TCP connection denied from 206.111.214.231/3293 to 65.204.142.15/53 flags SYN on interface outside
This shows that my external host 206.111.214.231 is denied from connecting
to 65.204.142.15 on port 53.
If this is the case, then double check your conduits.
- David
-----Original Message-----
From: Shonne Beavers [mailto:shonne_beavers at pvamu.edu]
Sent: Friday, September 07, 2001 5:26 AM
To: bind-users at isc.org
Subject: Bind and Cisco Pix
I cannot access nameserver from outside. I have tried
query source * 53 directive and no result. Ports 53 udp and tcp are open
at the pix. I am using Bind 8 on a SuSE Linux 7.2 Box. It seems as if the
requests are coming in, just not answered. Clients on the inside of the
firewall can resolve with no problem.
lsof -i -N -P reveals:
named 4138 root 4u IPv4 92246 UDP *:53
named 4138 root 20u IPv4 92242 UDP localhost:53
named 4138 root 21u IPv4 92243 TCP localhost:53 (LISTEN)
named 4138 root 22u IPv4 92244 UDP ns1.my.box:53
named 4138 root 23u IPv4 92245 TCP ns1.my.box:53 (LISTEN)
Quality is a mind-set, not an event.
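Added example, not part of either message: a Python filter that reads a saved "sh logging" buffer, rejoins 106001 messages that were wrapped across lines (as the one quoted in the reply was), and lists which outside sources were denied on a given destination port. The function names and all sample lines other than the first message are constructed for this example; only the 106001 TCP format shown in the reply is parsed, so UDP denials, which the thread does not show, are not covered.

```python
import re
from collections import defaultdict

# Matches the 106001 message format quoted in the reply above.
DENY_RE = re.compile(
    r"106001: Inbound TCP connection denied from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<dport>\d+) "
    r"flags (?P<flags>.+?) on interface (?P<ifc>\S+)"
)
# A new message starts with a six-digit ID, optionally behind a %PIX-<level>- prefix.
MSG_START = re.compile(r"^\s*(?:%PIX-\d-)?\d{6}:")


def unwrap(raw_lines):
    """Rejoin messages that a mail client or terminal wrapped across lines."""
    messages = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        if MSG_START.match(line) or not messages:
            messages.append(line)
        else:
            messages[-1] += " " + line  # continuation of the previous message
    return messages


def denied_to_port(raw_lines, port=53):
    """Return {(dst_ip, interface): sorted source IPs} for TCP denials to `port`."""
    hits = defaultdict(set)
    for msg in unwrap(raw_lines):
        m = DENY_RE.search(msg)
        if m and int(m.group("dport")) == port:
            hits[(m.group("dst"), m.group("ifc"))].add(m.group("src"))
    return {key: sorted(srcs) for key, srcs in hits.items()}


# Sample buffer: the first message is the one from the reply, wrapped as mailed.
# Everything after it is constructed (documentation address ranges, made-up ID).
SAMPLE = """\
106001: Inbound TCP connection denied from 206.111.214.231/3293 to
65.204.142.15/53 flags SYN on interface outside
106001: Inbound TCP connection denied from 198.51.100.7/40112 to 65.204.142.15/53 flags SYN on interface outside
106001: Inbound TCP connection denied from 203.0.113.9/1025 to 65.204.142.15/25 flags SYN on interface outside
999999: constructed unrelated message that must be ignored
""".splitlines()

if __name__ == "__main__":
    for (dst, ifc), sources in denied_to_port(SAMPLE).items():
        print(f"{dst} port 53 on {ifc}: denied {len(sources)} source(s): {', '.join(sources)}")
```

Any destination that appears in the result for port 53 is a name server address the firewall is refusing from outside, which is the condition the reply says to check the conduits for.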