Firewall Setup?
Steve West
stevewest15 at yahoo.com
Tue Dec 30 20:59:44 UTC 2003
We run our own Primary & Secondary DNS servers which are behind a firewall. The
name servers contain dns info for a few websites which are also located behind
this firewall. Basically, we need the following:
1. Allow the outside world to contact our dns servers for dns information for
only the sites which our dns server is responsible for (I've also set up
allow-query in named.conf to combat this).
2. Also need to allow local network users (behind the firewall) to use the dns
servers to browse the internet and send out e-mail. So, the dns servers behind
our firewall will need to have access to go outside our network to resolve
domains.
Incoming Traffic:
Rule #1:
Allow incoming TCP s-port=NC d-port=53 -> IP of NS
Rule #2:
Allow incoming UDP s-port=NC d-port=53 -> IP of NS
Rule #3:
Allow incoming UDP s-port=53 d-port=NC -> entire network
Outgoing Traffic:
Rule #4:
Allow outgoing TCP s-port=53 d-port=NC -> Our DNS IP
Rule #5:
Allow outgoing UDP s-port=53 d-port=NC -> Our DNS IP
Rule #6:
Allow outgoing UDP s-port=NC d-port=53 -> Internet
--------
I'm not sure if this is what I need or if I messed it all up. I'm especially
not clear if I need the UDP rules. The one that really scares me is Rule #3,
which I'm not sure if I even need, but I think I need it to allow local users
to fetch information from other dns servers. But then again, don't local users
query our local dns server, which queries other dns servers, which send the response back to the
local dns server, which sends the info to the local user? Did I lose you...because I'm lost
myself! ;-)
Any help is greatly appreciated and if something is unclear, please ask and
I'll be more than happy to clarify.
Thanks,
SW
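An added example, not part of Steve's post, showing the two requirements above as a stateful Linux iptables ruleset for a firewall that routes between the Internet and the network holding the name server. The post does not say what the firewall is, so iptables with connection tracking is an assumption, as are the placeholder addresses 192.0.2.53 (the NS) and 192.0.2.0/24 (the internal network). With connection tracking, the replies to the name server's own recursive queries are matched by the ESTABLISHED,RELATED rule, so no separate "source port 53 to the entire network" rule (the post's Rule #3) is required; local users never cross the firewall to reach the NS, because both sit on the inside.

```shell
#!/bin/sh
# Added example (not from the original post): iptables rules for
# "the world may query our NS" and "only our NS may query outward".
# The addresses below are assumed placeholders; override via environment.
NS_IP="${NS_IP:-192.0.2.53}"        # assumed: the name server's address
LAN="${LAN:-192.0.2.0/24}"          # assumed: the internal network
IPT="${IPT:-iptables}"

# Emit the rules as text so they can be reviewed (or diffed) before applying.
dns_rules() {
  cat <<EOF
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
# Replies to traffic already allowed: this covers the answers to the NS's own
# recursive queries, so no "source port 53 -> entire network" hole is needed.
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Requirement 1: the Internet may query the NS on 53/udp and 53/tcp
# (TCP is needed for truncated answers and zone transfers to the secondary).
$IPT -A FORWARD -p udp --dport 53 -d $NS_IP -m conntrack --ctstate NEW -j ACCEPT
$IPT -A FORWARD -p tcp --dport 53 -d $NS_IP -m conntrack --ctstate NEW -j ACCEPT
# Requirement 2: only the NS may send new queries out to the Internet.
$IPT -A FORWARD -p udp --dport 53 -s $NS_IP -m conntrack --ctstate NEW -j ACCEPT
$IPT -A FORWARD -p tcp --dport 53 -s $NS_IP -m conntrack --ctstate NEW -j ACCEPT
# Any other inside host trying port 53 outside is dropped (forced through the NS).
$IPT -A FORWARD -p udp --dport 53 -s $LAN -j DROP
$IPT -A FORWARD -p tcp --dport 53 -s $LAN -j DROP
EOF
}

case "${1:-}" in
  show)  dns_rules ;;            # print the rules for review
  apply) dns_rules | sh -e ;;    # run them (needs root); stops at the first failure
esac
```

Run `sh dns_fw.sh show` to inspect the generated commands, then `sudo sh dns_fw.sh apply`. The NS accept rules are placed before the LAN drop rules on purpose: iptables matches in order, and the NS address is inside the LAN range.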