Firewall Wizards mailing list archives

Re: Gauntlet Assistance


From: Stu Allen <stu () cinops xerox com>
Date: Thu, 9 Sep 1999 06:55:10 -0400 (EDT)

Anyone out there managed to use Gauntlet packet filters to pass UDP traffic (specifically, DNS) between interfaces?

If so, can you provide any pointers?

OK I'll bite.  This is what we used to do when we were running Gauntlet V3.2A.
YMMV since you're probably running a newer version and using the GUI (these
rules were manually added to the netperm-table).

# These rules allow hosts on the <internal-network> to use the
# _outside_ address of this box as a DNS server
authenIP: permit-local -if <inside-interface> -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53
authenIP: permit-local -if <inside-interface> -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53
authenIP: permit-local -if <outside-interface> -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53
authenIP: permit-local -if <outside-interface> -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53

-- 
Stu Allen                        Phone: (716) 231-0073
EDS/Xerox Internet Services      Email: stu () cinops xerox com
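An added example, not from the post above and not Gauntlet's own code: a small Python evaluator for rules written in the netperm-table form Stu quotes, useful for checking what a rule set actually admits before it goes on the box. It assumes the matching semantics (addr:mask compared by netmask, first matching rule wins, no match means drop) and fills the placeholders with constructed values: "inside"/"outside" for the interfaces and 192.0.2.10 for <outside-IP>. The last function is the review check a defender wants here: the outside-interface rules accept DNS from any source address to the firewall's own address.

```python
import ipaddress
from collections import namedtuple

# Constructed sample in the netperm-table form quoted in the post. "inside",
# "outside" and 192.0.2.10 stand in for <inside-interface>, <outside-interface>
# and <outside-IP>; they are placeholders, not real values.
NETPERM = """
authenIP: permit-local -if inside -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.10:255.255.255.255 -dstport 53
authenIP: permit-local -if inside -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.10:255.255.255.255 -dstport 53
authenIP: permit-local -if outside -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.10:255.255.255.255 -dstport 53
authenIP: permit-local -if outside -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.10:255.255.255.255 -dstport 53
"""

# src/dst are IPv4Network objects built from 'addr:mask'; ports are '*' or a number as text.
Rule = namedtuple("Rule", "action iface proto src sport dst dport")

def to_net(spec):
    """'addr:mask' -> IPv4Network; 0.0.0.0:0.0.0.0 becomes 0.0.0.0/0 (any host)."""
    addr, mask = spec.split(":")
    return ipaddress.IPv4Network((addr, mask), strict=False)

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        toks = line.split(":", 1)[1].split()      # drop the 'authenIP:' tag
        opt = dict(zip(toks[1::2], toks[2::2]))   # {'-if': 'inside', '-proto': 'TCP', ...}
        rules.append(Rule(toks[0], opt["-if"], opt["-proto"].upper(), to_net(opt["-srcaddr"]),
                          opt["-srcport"], to_net(opt["-dstaddr"]), opt["-dstport"]))
    return rules

def port_ok(spec, port):
    return spec == "*" or int(spec) == port

def decide(rules, iface, proto, src, sport, dst, dport):
    """Assumed evaluation order: first matching rule wins; no match means drop."""
    for r in rules:
        if (r.iface == iface and r.proto == proto.upper()
                and ipaddress.IPv4Address(src) in r.src and port_ok(r.sport, sport)
                and ipaddress.IPv4Address(dst) in r.dst and port_ok(r.dport, dport)):
            return r.action
    return "drop"

def any_source_permits(rules, iface):
    """Review aid: permit rules on an interface whose source is every address (mask 0.0.0.0)."""
    return [r for r in rules if r.iface == iface
            and r.action.startswith("permit") and r.src.prefixlen == 0]
```

Run `any_source_permits(parse_rules(NETPERM), "outside")` to list the two rules that expose port 53 on the outside address to the whole Internet; that is expected if the box is meant to be a public resolver for <internal-network>, and worth a second look otherwise.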