Does anyone know what conduit statement to give to the PIX to permit zone
transfers? 

Currently, we have:

  conduit permit tcp host xxx.xxx.40.60 eq domain any 
  conduit permit udp host xxx.xxx.40.60 eq domain any 

Which should let anyone get to our nameservers, yet the PIX keeps
returning in its logs:

Feb 15 13:06:58 yyy.yyy.yyy.yyy Feb 15 2000 13:00:44: %PIX-2-106007: Deny
inbound UDP from 63.71.190.10/10805 to zz.zz.2.110/53 due to DNS Query

zz.zz.2.110 is our internal, NAT translated machine running our dns
server. 

It's dumb too! Because in version 4, you could do a conduit dns and
everything would be fine. Now it's called 'domain'. Argh. Lame. I'm not
stupid and I do know what ports DNS is on, but the PIX seems to handle it
strangely.

We also have TCP fixup on; maybe that's breaking it?

Thanks in advance.

-john

(ignore all of the yyy's and zz's. I don't want to give you my addresses.
 Nyahh!)

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
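For reference, the general shape of a PIX 4.x/5.x static plus conduit pair for a NAT-translated nameserver, as an added example that is not part of John's post or his configuration. It reuses the placeholder addresses from the post (xxx.xxx.40.60 as the global address, zz.zz.2.110 as the inside host); the interface names and netmask are assumptions.

```cisco
: Added example, not the original poster's config. Addresses are the
: placeholders from the post; interface names and netmask are assumed.
:
: The static maps the global (outside) address to the real inside host.
static (inside,outside) xxx.xxx.40.60 zz.zz.2.110 netmask 255.255.255.255
:
: Conduits are written against the GLOBAL address, not the inside one.
: UDP 53 carries ordinary queries; TCP 53 is what zone transfers (AXFR)
: and oversized responses use, so both are needed for a public nameserver.
conduit permit udp host xxx.xxx.40.60 eq domain any
conduit permit tcp host xxx.xxx.40.60 eq domain any
```

The point worth checking in a configuration like the one in the post is that the conduit names the same global address the static does, and that the TCP conduit is the one that actually permits zone transfers; the UDP conduit alone would pass queries but not AXFR.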