Networking Experts Please



Ok heres the deal:

I have 4 PCs right now in the current configuration.

Computer A is configured as a router/firewall with 3 NICs as such: DHCP,, This computer is running Smoothwall and has the DMZ on the network and the internal network is on the

Computer B is a Win2K Adv. Server acting as a primary domain controller with DHCP (only DHCP to the addresses, the DMZ is all hardcoded) and serving web and ftp to external visitors.

Computers C and D are XP pro workstations on the network.

I have set up dhcrelay on Computer A so it routes any DHCP requests from the 192 network to the server at This works fine and the 192 network can receive their addresses. However they can not login to the domain because they can't get DNS requests DNS server. They can't surf the web either because of the DNS.

All ports are blocked from the DMZ to the internal network from the firewall. I can pinhole from the DMZ to the internal network and the pinholes do function as I have tested this extensively. I have basic TCP/IP connection because I can logon to it via IP. I can print to a printer that it is sharing.

I pinholed port 53 TCP and UDP to my internal network as well as any other port that showed up as being blocked in my logs during troubleshooting. I still can't receive DNS requests.

I know the server is functioning properly because I reconfigured it with an IP and adjusted the DHCP scope to reflect this and moved it to the switch for the 192 network, thus eliminating computer A, and of course everything works perfectly. As soon as I put everything back and move it back to the 10 switch and reconfigure it I can't contact DNS. So I know for a fact the problem lies with getting the requests through the firewall.

I have swapped NICs across the board and swapped switches as well. I can't seem to make this work. I know this is long but I wanted to let you know exactly what was happening and what I've already tried.

Thanx for your time.


Actually I think I solved my own problem.

The way I see it is that a client on the network is sending a request to the DNS server's port 53. This part gets through. The server then sends back to any random port above 1024, which is getting blocked by the firewall.

The only answer would be to open up all ports above 1024 from the server in the DMZ to the internal network which sort of defeats the purpose of the DMZ.

Sound correct? Anybody?
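The mechanism described in this post, as an added illustration that is not part of the thread: a filter that judges each DMZ-to-internal packet on its own (a static pinhole) lets the client's query out but drops the reply to the client's ephemeral port, while a filter that remembers the outbound query admits only the matching reply and still rejects anything else from the DMZ. The subnets, server address and ports below are constructed placeholders, not the poster's real addressing.

```python
"""Why a static pinhole cannot pass a DNS reply, and how connection tracking
fixes it without opening every port above 1024 from the DMZ.

Added example; all addresses are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass

# Constructed stand-ins for the poster's "192 network" and "10 network".
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("10.0.0.0/24")
DNS_SERVER = "10.0.0.2"          # constructed: the DMZ domain controller / DNS
CLIENT = "192.168.1.10"          # constructed: an internal XP workstation


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "udp" or "tcp"


class StatelessFirewall:
    """Judges every packet on its own. Internal -> DMZ is open; DMZ -> internal
    is allowed only for explicitly pinholed (proto, destination port) pairs."""

    def __init__(self, pinholes):
        self.pinholes = set(pinholes)

    def allow(self, pkt):
        s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if s in INTERNAL and d in DMZ:
            return True
        if s in DMZ and d in INTERNAL:
            return (pkt.proto, pkt.dport) in self.pinholes
        return False


class StatefulFirewall(StatelessFirewall):
    """Records each outbound flow and admits only the packet that answers it.
    This is what a connection-tracking rule (iptables' ESTABLISHED state) does."""

    def __init__(self, pinholes=()):
        super().__init__(pinholes)
        self.flows = set()

    def allow(self, pkt):
        s, d = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
        if s in INTERNAL and d in DMZ:
            # Remember the 5-tuple so the reply can be matched later.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if s in DMZ and d in INTERNAL:
            reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reverse in self.flows:
                return True           # the answer to a query we saw go out
            return (pkt.proto, pkt.dport) in self.pinholes
        return False


def dns_exchange(fw):
    """Run one DNS query/reply through fw, plus an unsolicited packet from the
    DMZ server to a different high port. Returns the three allow() verdicts."""
    query = Packet(CLIENT, 51234, DNS_SERVER, 53, "udp")        # client -> server
    reply = Packet(DNS_SERVER, 53, CLIENT, 51234, "udp")        # server -> client
    unsolicited = Packet(DNS_SERVER, 53, CLIENT, 40000, "udp")  # nobody asked
    return (fw.allow(query), fw.allow(reply), fw.allow(unsolicited))


def pinhole_only_53():
    """The poster's configuration: port 53 TCP/UDP pinholed from DMZ to inside."""
    return StatelessFirewall({("udp", 53), ("tcp", 53)})


def open_all_high_ports():
    """The workaround the poster rejects: every port above 1024 pinholed."""
    return StatelessFirewall({("udp", p) for p in range(1025, 65536)})


def track_connections():
    """The alternative: no pinholes at all, just reply tracking."""
    return StatefulFirewall()


if __name__ == "__main__":
    for name, fw in (("pinhole 53", pinhole_only_53()),
                     ("open >1024", open_all_high_ports()),
                     ("stateful", track_connections())):
        q, r, u = dns_exchange(fw)
        print(f"{name:11} query={q} reply={r} unsolicited={u}")
```

The second scenario is the one the post calls out: it does let the reply through, but it also admits the unsolicited packet, so a compromised DMZ host could reach any high port inside. The third scenario passes the reply and still drops the unsolicited packet, which is why a connection-tracking rule is the usual way to let internal clients query a DNS server in the DMZ without widening the DMZ-to-internal policy.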


Some of this is a tad over my head, but I don't know that you can use one computer as a gateway (A, in your definition) and another as your DC (B) when the domain is on a different IP range. Or I just don't have a clue.


Well, thanks for the reply, but actually you can. You can have them on as many subnets as you like as long as each is properly set up with a gateway. You can have a domain controller in California for a network in Florida. I figured out that my whole problem was with getting DNS through the firewall. I don't want to put the size of a hole I would need to in the firewall to make it work, so I'm building a new box strictly for web/ftp/mail to put in the DMZ. I am going to keep my PDC inside the firewall and it will not be remotely accessible. I'm just very security conscious :)

