System Services
The example XML below shows the telnet service configured this way:
<telnet allow="10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24"
comment="telnet service access restricted by IP address"
local-only="false"/>
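An added example, not part of the FireBrick manual or its software: a small parser for the allow value shown above, useful for checking which source addresses the list admits to the telnet service and for spotting over-broad entries. The function names are hypothetical, and reading the short range form 10.1.0.3-98 as 10.1.0.3 through 10.1.0.98 is an assumption.

```python
import ipaddress

# Allow list copied from the telnet example above.
ALLOW = "10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24"

def parse_entry(entry):
    """Return the (first, last) addresses covered by one allow-list entry."""
    if "/" in entry:                       # CIDR prefix, e.g. 10.0.0.0/24
        net = ipaddress.ip_network(entry, strict=False)
        return net[0], net[-1]
    if "-" in entry:                       # address range, e.g. 10.1.0.3-98
        start_s, end_s = entry.split("-", 1)
        first = ipaddress.ip_address(start_s)
        if "." in end_s or ":" in end_s:   # full end address given
            last = ipaddress.ip_address(end_s)
        else:
            # ASSUMPTION: the short form replaces the last IPv4 octet of the start.
            last = ipaddress.ip_address(start_s.rsplit(".", 1)[0] + "." + end_s)
        if first.version != last.version or last < first:
            raise ValueError(f"bad range: {entry}")
        return first, last
    addr = ipaddress.ip_address(entry)     # single host
    return addr, addr

def parse_allow(value):
    """Parse a space-separated allow value into a list of (first, last) pairs."""
    return [parse_entry(e) for e in value.split()]

def is_allowed(source, ranges):
    """True if the source address falls inside any parsed range."""
    ip = ipaddress.ip_address(source)
    return any(f.version == ip.version and f <= ip <= l for f, l in ranges)

def audit(value, max_hosts=256):
    """Return (entry, size) for entries covering more than max_hosts addresses."""
    findings = []
    for entry in value.split():
        first, last = parse_entry(entry)
        size = int(last) - int(first) + 1
        if size > max_hosts:
            findings.append((entry, size))
    return findings

if __name__ == "__main__":
    ranges = parse_allow(ALLOW)
    for src in ("10.1.0.50", "10.1.0.99", "10.100.100.88", "192.0.2.10"):  # constructed samples
        print(src, "allowed" if is_allowed(src, ranges) else "refused")
    print(audit(ALLOW + " 0.0.0.0/0"))     # constructed over-broad entry
```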
12.4. DNS configuration
The DNS service provides name resolution service to other tasks within the app software, and can act
as a relay for requests received from client machines. DNS typically means converting a name, like
www.firebrick.co.uk, to one or more IP addresses, but it can also be used for reverse DNS, finding the
name of an IP address. DNS service is normally provided by your ISP.
The DNS service on the FB6000 simply relays requests to external DNS servers and caches replies. You can
configure a list of external DNS servers using the resolvers attribute. However, DNS resolvers are also
learned automatically via various systems such as DHCP and PPPoE. In most cases you do not need to set
the resolvers.
12.4.1. Blocking DNS names
You can configure names such that the FB6000 issues an NXDOMAIN response, making it appear that the
domain does not exist. This can be done using a wildcard, e.g. you could block *.xxx.
Tip
You can also restrict responses to certain IP addresses on your LAN, so that some devices get
different responses. You can also control when responses are given using a profile, e.g. time of day.
12.4.2. Local DNS responses
Instead of blocking names, you can also make some names return pre-defined responses. This is usually only
used for special cases, and there is a default for my.firebrick.co.uk which returns the FireBrick's own
IP. Faking DNS responses will not always work, and new security measures such as DNSSEC will mean these
faked responses will not be accepted.
12.4.3. Auto DHCP DNS
The FB6000 can also look for specific matching names and IP addresses for forward and reverse DNS that
match machines on your LAN. This is done by telling the FireBrick the domain for your local network. Any
name that is within that domain which matches a client name of a DHCP allocation that the FireBrick has made
will return the IP address assigned by DHCP. This is applied in reverse for reverse DNS, mapping an IP address
back to a name. You can enable this using the auto-dhcp attribute.
12.5. NTP configuration
The NTP service automatically sets the FB6000's real-time-clock using time information provided by a Network
Time Protocol (NTP) server. There are public NTP servers available for use on the Internet, and a factory reset
configuration uses pool.ntp.org (see http://support.ntp.org/bin/view/Servers/NTPPoolServers for details
on pool.ntp.org).
The NTP service is currently only an NTP client. A future software version is likely to add NTP server
functionality, allowing other NTP clients (typically those in your network) to use the FB6000 as an NTP server.