At 01:18 21/02/01 +0000, Iain Conochie wrote:
<snip>
>Colin, I am using masquerading instead of a proxy - I tried to get squid
>set up eons ago and failed miserably :( I would like to keep bind off the
>firewall / dial-up box, but maybe I should just upgrade and that would
>keep the security hazards at bay.....
>

Masquerading for TCP _and_ UDP?

>Would it still work if bind does not listen to the ppp0 interface? I guess
>not as I had to explicitly allow DNS connections to a semi-strong firewall

I think I would do it by adding input firewall rules allowing connections
to port 53 from the internal network but disallowing from everywhere else.

HTH

Colin
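
The rule set Colin describes, as an added example that is not part of the original message. It assumes iptables syntax, an internal interface eth0 and an internal network 192.168.1.0/24, none of which appear in the thread. The loopback and conntrack rules are additions so that the box's own lookups and the replies to bind's upstream queries are not dropped.

```shell
#!/bin/sh
# Added example: prints iptables commands that restrict DNS (port 53) on the
# firewall box to the internal network. Nothing is applied; review the output
# and pipe it to a root shell to load it.
# Assumed names: eth0 (internal interface), 192.168.1.0/24 (internal network).

dns_input_rules() {
    lan_if=$1
    lan_net=$2

    # Reject anything that is not a plain interface name, so the generated
    # commands cannot carry shell metacharacters.
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    # Require dotted IPv4 with a prefix length, e.g. 192.168.1.0/24.
    case $lan_net in
        ''|*[!0-9./]*) echo "bad network: $lan_net" >&2; return 1 ;;
        *.*.*.*/*) ;;
        *) echo "network needs a /prefix: $lan_net" >&2; return 1 ;;
    esac

    # Replies to queries bind itself sent upstream arrive on the external
    # interface; accept them by connection state before the port 53 drops.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # DNS uses both UDP and TCP (large answers, zone transfers), so every
    # rule is emitted once per protocol.
    for proto in udp tcp; do
        # Local resolver traffic on the firewall box itself.
        echo "iptables -A INPUT -i lo -p $proto --dport 53 -j ACCEPT"
        # Queries from the internal network, and only via the internal interface.
        echo "iptables -A INPUT -i $lan_if -s $lan_net -p $proto --dport 53 -j ACCEPT"
        # Everything else, including anything arriving on ppp0.
        echo "iptables -A INPUT -p $proto --dport 53 -j DROP"
    done
}

# Usage: ./dns-rules.sh eth0 192.168.1.0/24
if [ "$#" -eq 2 ]; then
    dns_input_rules "$1" "$2"
fi
```

Matching on the source address alone would trust spoofed packets arriving on ppp0, which is why the accept rule also pins the inbound interface.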