[ale] still trying to figure it out
Geoffrey
esoteric at 3times25.net
Mon Aug 4 13:11:16 EDT 2003
David S. Jackson wrote:
> On Mon, Aug 04, 2003 at 08:26:39AM -0400 Geoffrey The Esoteric <esoteric at 3times25.net> wrote:
>
>>David S. Jackson wrote:
>>
>>
>>>using the same tcpdump arguments. At least this says the packet
>>>length, right? If you gave the same query, would a shorter
>>>packet length prove your firewall rules (or something) are
>>>mangling the packet before it makes it back to your dig client?
>>
>>Packet length is the same.
>
>
> Just thinking...If the non-nat'ed boxes get the complete dns
> query answers, then the zone info must be getting transferred to
> your ISPs nameservers, right? So that brings us back to the
> firewall rulesets...
>
> Where to start? Port forwarding rules maybe?
The choke firewall forwards everything to the bastion. It shouldn't be
doing anything but masq.
>
--
Until later: Geoffrey esoteric at 3times25.net
The latest, most widespread virus? Microsoft end user agreement.
Think about it...
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list