[ale] still trying to figure it out

Geoffrey esoteric at 3times25.net
Mon Aug 4 13:11:16 EDT 2003




David S. Jackson wrote:
> On Mon, Aug 04, 2003 at 08:26:39AM -0400 Geoffrey The Esoteric <esoteric at 3times25.net> wrote:
> 
>>David S. Jackson wrote:
>>
>>
>>>using the same tcpdump arguments.  At least this says the packet
>>>length, right?  If you gave the same query, would a shorter
>>>packet length prove your firewall rules (or something) are
>>>mangling the packet before it makes it back to your dig client?
>>
>>Packet length is the same.
> 
> 
> Just thinking...If the non-nat'ed boxes get the complete dns
> query answers, then the zone info must be getting transferred to
> your ISPs nameservers, right?  So that brings us back to the
> firewall rulesets...
> 
> Where to start?  Port forwarding rules maybe?

The choke firewall forwards everything to the bastion.  It shouldn't be 
doing anything but masq.

> 

-- 
Until later: Geoffrey		esoteric at 3times25.net

The latest, most widespread virus?  Microsoft end user agreement.
Think about it...

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list