This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

newbie packet filter question...

hello all

this ist perhabs again basic for you, but there is one think i don't understand:

ASL 1.920:

my external interface has the official ip adress.
DNAT is set to: external_nic: DNS -> DMZ_Server: DNS

if i make the following rule it does NOT work:
external_nic: DNS -> DMZ_Server: DNS -> allow

if i make:
ANY: DNS -> DMZ_Server: DNS -> allow
it works.

ok, i know, this shure is basic, perhabs a hint where to look for packet filter explanation somewhere??!!

thanks a lot and greetings from switzerland
eldorado

This thread was automatically locked due to age.

Parents

0 thomas_01 over 23 years ago

eldorado,

i you have an external access to your server the source address of the packet that should pass the firewall is NOT the IP bound to your external_nic, it could be any official IP from the bad world outside....
Thats the reason why your second rule ANY NS to DMZ NS allow works.

Thomas
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 thomas_01 over 23 years ago

eldorado,

i you have an external access to your server the source address of the packet that should pass the firewall is NOT the IP bound to your external_nic, it could be any official IP from the bad world outside....
Thats the reason why your second rule ANY NS to DMZ NS allow works.

Thomas
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 eldorado over 23 years ago in reply to thomas_01

hello thomas,

thanks for your explanation.

i thought that it must be something like this.
but i was not sure.

thanks again
eldorado
Cancel
Vote Up 0 Vote Down

Cancel