FWSM blocks DNS, not WWW, should allow both

Unanswered Question
May 14th, 2008
User Badges:

I'm running into an issue where my 6509 with FWSM installed is lets www requests through, but blocks DNS, despite being told to permit both.

Most perversely, it's blocking DNS on my internal networks. I've got the FWSM set up in single context mode, with a 1-port-to-1-vlan relationship for each of the different firewalls, and even the "internal" networks are blocked from each other. So long as either or both the nameserver netblock and the client netblock must transit the FWSM, all DNS traffic fails. (Things work fine whrn the Nameservers are taken off the FWSM and so is the client network. But then what's the point of having an FWSM if you circumvent it for everything?) Meanwhile, web access works fine in all permutations of different networks being on or off the FWSM.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
bitonw Mon, 05/19/2008 - 05:59
User Badges:

you might have something like this:

"fixup protocol dns maximum-length 512"

in your config of the FWSM?

for test try this:

no fixup protocol dns


This Discussion