 From:  Andrew Lewis <andrew at coastal dot com>
 To:  "Michael A. Alderete" <lists dash 2003 at alderete dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Firewall rules to allow DNS server in DMZ
 Date:  Thu, 26 Feb 2004 10:31:31 -0500
Michael A. Alderete wrote:
> [Reposting because there was no response. If I've left critical information out, could you let me
> know? Thanks!]
> 
> I have set up my DNS server in m0n0wall's DMZ, using 1:1 NAT, with my server at 192.168.2.2 on the
> DMZ network. I've set up the appropriate Proxy ARP settings, and what I think should be the correct
> firewall settings to allow outside clients to resolve my domains by accessing my DNS server. And
> most of the time it works, I receive mail, handle web requests, etc., as expected.
> 
> However, I do seem to regularly get blocked packets in my firewall logs for what looks like
> legitimate DNS requests/responses. Here are some examples from earlier today:

Does this help?

http://homepages.tesco.net/~J.deBoynePollard/FGA/dns-shaped-firewall-holes.html