[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: AW: [m0n0wall] Problem with GRE-Protocoll (VPN over WLAN)
 Date:  Mon, 2 Jan 2006 19:34:23 -0500
On 1/2/06, Sandro Kehrlein <sandro at kehrlein dot de> wrote:
> Here we go!
> Ticking 'Allow fragmented packets' does it! :-) I've chosen this option now on every "Pass"-Rule.
> Does it make sense to allow DNS- and NetBios-queries from the WLAN (where everything is blocked,
only VPN allowed)? I've seen that there are a lot of log-entries to port 53 and 137 before and while
i'm connecting with PPTP-VPN.

The NetBIOS is probably broadcast traffic that wouldn't be passed even
if you explicitly permitted it (though it would be shown as dropped). 
But no, don't let it out unless you have a good reason to do so.  For
the DNS traffic, if you don't need DNS, don't let it out.  If you do,
permit it.  Sounds like you're working fine without allowing DNS, so
I'd leave well enough alone.