Re: [FW-1] URGENT..URRENT...DNS UDP QUERIES...!!!

Subject:	Re: [FW-1] URGENT..URRENT...DNS UDP QUERIES...!!!
From:	loop <ma.teo AT ADINET.COM DOT UY>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Fri, 29 Oct 2004 15:25:52 -0300

I did can to resolve the problem my self.
I did to create a SecurityPolicy rule as follow:

Any--->Public_IP----->dns_mapped---->Accept

And a AdressTranslation rule:

Any-->Public_IP-->dns_udp-->original-->Internal_DNS (Static)-->original

In GlobalProperties i to check the "AcceptDNS over UDP query" property
on "First" too.

It did work to me.

Loop.-



-----Mensaje original-----
De: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] En nombre de matt
Enviado el: Friday, October 29, 2004 11:58 AM
Para: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Asunto: [FW-1] URGENT..URRENT...DNS UDP QUERIES...!!!

Hey guys....Im here again...!!!


I´ve a question for you. (i beleave that was answered before...but i did
not find the post)

I´ve my DNS server in the LAN, and I´ve only a Public IP (Valid IP) to
routing the traffic inside to LAN. (i need to publish 3 servers: mail,
web and DNS)
I saw that the dns queries are in the most of the cases over UDP.

So...I must to use mapped_services such like smtp, http...etc..to route
the traffic, but i can´t to use DNS-UDP to send que DNS queries to
internal DNS.

With the IPTABLES this i can do it, but with CHKP does not work fine.
Any ideas?


Loop.-

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Securemote problem with NATed servers, Sébastien Cantos [FW-1] URGENT..URRENT...DNS UDP QUERIES...!!!, matt Re: [FW-1] URGENT..URRENT...DNS UDP QUERIES...!!!, loop <=

Previous by Date:	Re: [FW-1] Bypassing client application protection techniques, Ray
Next by Date:	Re: [FW-1] Checkpoint Product or 3rd party Product that will chec k PC for Vi rus, Spyware, Keylogger....must be able to check PC on the fl y anywhere.. ., Previtera, Sal
Previous by Thread:	[FW-1] URGENT..URRENT...DNS UDP QUERIES...!!!, matt
Next by Thread:	[FW-1] CP + RevProxy + OWA, Dorn Andras
Indexes:	[Date] [Thread] [Top] [All Lists]