By default, DNS is allowed through the firewall via the implied rules
of the firewall "policy". In policy manager, click Policy,
Properties, and then check the Security Policy tab. Uncheck the DNS
related checkboxes. You'll need to add rules to the rulebase to allow
DNS queries outbound from your internal DNS's after you do this.
----------------------------------------------------------------------
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [EMAIL PROTECTED]
Voice: (713) 235-6018
Fax: (713) 235-6890
From: James.Tyrrell@wrigley.co.uk AT i-net
Date: 07/16/2000 12:01 PM
To: <[EMAIL PROTECTED]> AT i-net@CCM
cc: (bcc: Greg Winkler/US/HO/HUNTSMAN)
Subject: [FW1] Internal DNS servers.
Hi,
I have set up a couple of DNS servers for our internal network but do
not want them visible to the outside world. I couldn't get the DNS
servers to do any queries to the outside world unless they had an IP
address that was a NAT and had an external address.
Now that I have set them up with NAT addresses the DNS queries run
fine but the DNS servers are also visible from the outside world. How
do I either block the DNS lookups from the internet or get a DNS
server to run on an address with no NAT?
I have not found a rule to do this and have not been able to get FW1
to log any of the DNS traffic.
I'm sure this is easy and I'm being rather thick but I would
appreciate any tips.
Thanks.
Jim.