[ale] still trying to figure it out

David S. Jackson dsj at sylvester.dsj.net
Mon Aug 4 12:35:15 EDT 2003


On Mon, Aug 04, 2003 at 08:26:39AM -0400 Geoffrey The Esoteric <esoteric at 3times25.net> wrote:
> David S. Jackson wrote:
> 
> >using the same tcpdump arguments.  At least this says the packet
> >length, right?  If you gave the same query, would a shorter
> >packet length prove your firewall rules (or something) are
> >mangling the packet before it makes it back to your dig client?
> 
> Packet length is the same.

Just thinking...If the non-nat'ed boxes get the complete dns
query answers, then the zone info must be getting transferred to
your ISPs nameservers, right?  So that brings us back to the
firewall rulesets...

Where to start?  Port forwarding rules maybe?

-- 
David S. Jackson                        dsj at dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The grand leap of the whale up the Fall of Niagara
is esteemed, by all who have seen it, as one of the
finest spectacles in nature.
		-- Benjamin Franklin.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list