Firewall Wizards mailing list archives
Re: Gauntlet Assistance
From: Stu Allen <stu () cinops xerox com>
Date: Thu, 9 Sep 1999 06:55:10 -0400 (EDT)
Anyone out there managed to use Gauntlet packet filters to pass UDP traffic (specifically, DNS) between interfaces? If so, can you provide any pointers?
OK I'll bite. This is what we used to do when we were running Gauntlet V3.2A. YMMV since you're probably running a newer version and using the GUI (these rules were manually added to the netperm-table).

# These rules allow hosts on the <internal-network> to use the
# _outside_ address of this box as a DNS server
authenIP: permit-local -if <inside-interface> -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53
authenIP: permit-local -if <inside-interface> -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53
authenIP: permit-local -if <outside-interface> -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53
authenIP: permit-local -if <outside-interface> -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr <outside-IP>:255.255.255.255 -dstport 53

--
Stu Allen                      Phone: (716) 231-0073
EDS/Xerox Internet Services    Email: stu () cinops xerox com
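Added example, not part of the original post and not Gauntlet code: a small Python matcher for reviewing the four rules above, showing which packets they accept and that the outside-interface rules take port 53 traffic from any source. The values in0, out0 and 192.0.2.1 are constructed stand-ins for the post's placeholders, and the address:netmask and `*` semantics are assumptions read off the rule text.

```python
import ipaddress

# Constructed stand-ins for the post's placeholders (not real values):
# in0 = <inside-interface>, out0 = <outside-interface>, 192.0.2.1 = <outside-IP>.
RULES_TEXT = """\
authenIP: permit-local -if in0 -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.1:255.255.255.255 -dstport 53
authenIP: permit-local -if in0 -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.1:255.255.255.255 -dstport 53
authenIP: permit-local -if out0 -proto TCP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.1:255.255.255.255 -dstport 53
authenIP: permit-local -if out0 -proto UDP -srcaddr 0.0.0.0:0.0.0.0 -srcport * -dstaddr 192.0.2.1:255.255.255.255 -dstport 53
"""

def parse_rule(line):
    """Turn 'authenIP: <action> -key value ...' into a dict of its fields."""
    keyword, _, rest = line.partition(":")
    tokens = rest.split()
    rule = {"keyword": keyword.strip(), "action": tokens[0]}
    for key, value in zip(tokens[1::2], tokens[2::2]):
        rule[key.lstrip("-")] = value
    return rule

def addr_matches(spec, ip):
    """Assumed semantics: spec is address:netmask, compared under the mask."""
    addr, mask = (int(ipaddress.IPv4Address(p)) for p in spec.split(":"))
    return (int(ipaddress.IPv4Address(ip)) & mask) == (addr & mask)

def port_matches(spec, port):
    """Assumed semantics: '*' is any port, otherwise an exact number."""
    return spec == "*" or int(spec) == port

def permits(rule, iface, proto, src, sport, dst, dport):
    """True if this single rule matches the described packet."""
    return (rule["if"] == iface
            and rule["proto"].upper() == proto.upper()
            and addr_matches(rule["srcaddr"], src)
            and port_matches(rule["srcport"], sport)
            and addr_matches(rule["dstaddr"], dst)
            and port_matches(rule["dstport"], dport))

def any_source_rules(rules, iface):
    """Rules on iface whose source netmask is all zeros (every host matches)."""
    return [r for r in rules if r["if"] == iface and r["srcaddr"].endswith(":0.0.0.0")]

RULESET = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.startswith("authenIP:")]

if __name__ == "__main__":
    for r in any_source_rules(RULESET, "out0"):
        print("any source may reach", r["dstaddr"].split(":")[0], r["proto"], r["dstport"])
```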