Linksys + Sygate PF

I am using a Linksys BEFSR41 switch and I have SPF installed without any advanced rules. Using SPF alone, the traffic log showed a confusing array of Internet 'noise' being rejected and quite a lot of undesirable polls being permitted. However, since installing the switch, I have a very clean traffic log. The only rejections shown in the traffic log are incoming UDP polls from the switch - and I presume these to be pings or other undesirable signals. On the other hand, there are also rejected incoming UDP polls from the DNS server of my ISP. As the Linksys switch is the only device that is supposed to talk to the DNS server, I do not see how those polls are reaching the SPF. Can anyone explain?

Thanks,

Brian


I should also mention that the SPF traffic log shows quite a lot of 'allowed' incoming and outgoing traffic between the DNS server and my PC whereas I would have thought that only the Linksys switch should be in dialogue with the outside DNS server. As an experiment, I have created a firewall rule to block all traffic between the PC and the remote DNS server.

Brian


The Linksys is doing what it is supposed to do ... keeping the "traffic" at the Linksys box and not on your computer or at the SPF level.

------>That Way!

The Linksys unit does not have a DNS server, it's a pass-through to the DNS sites you listed in the config.

Leythos

If you read my second posting, you will see that the switch was not keeping the traffic at the box. It was allowing dialogue between the external DNS server and my PC. The nature of that dialogue is a mystery to me because the switch is supposed to provide DNS services to the PC and obtain its own IP address from the external DNS server. Since making a rule to block those communications, all seems to be working OK.

Brian


"Brian" wrote in news:41ada083$0$31958$ snipped-for-privacy@news.skynet.be:

The Linksys router has no DNS and secondly the computer must access the ISP's DNS to resolve URLs to IP(s) so that the computer can access a site. That's of course if the computer is not using a local HOST file to resolve URLs to IP(s). Otherwise, you should not be blocking any communications with the ISP's DNS as the computer is making the solicitation for the traffic or else the router and the FW behind the router would have blocked the traffic if it was not solicited by the computer.

Duane :)

Duane Arnold
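
The point in the reply above, that DNS replies reach the PC only because the PC asked first, can be checked against a traffic log by pairing each inbound UDP packet with an earlier outbound one. This is an added example, not from any poster in the thread; the log format, addresses, ports and the 30-second window are constructed assumptions, not Sygate's actual log layout.

```python
# Constructed sample log (hypothetical format, not Sygate's):
# seconds  direction  proto  source  destination
SAMPLE_LOG = """\
0.00 out UDP 192.168.1.100:1040 192.0.2.53:53
0.04 in UDP 192.0.2.53:53 192.168.1.100:1040
5.00 out UDP 192.168.1.100:1041 192.0.2.53:53
5.03 in UDP 192.0.2.53:53 192.168.1.100:1041
9.00 in UDP 192.0.2.53:53 192.168.1.100:1055
12.00 in UDP 192.168.1.1:2048 192.168.1.100:2048
"""

REPLY_WINDOW = 30.0  # assumed seconds a firewall keeps a UDP exchange open


def classify(log_text, window=REPLY_WINDOW):
    """Label each inbound UDP packet 'solicited' or 'unsolicited'.

    An inbound packet is solicited when the PC earlier sent a packet
    from the same local endpoint to the same remote endpoint, and the
    reply arrived within the window.
    """
    pending = {}  # (local endpoint, remote endpoint) -> time of last outbound
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, direction, proto, src, dst = line.split()
        ts = float(ts)
        if proto != "UDP":
            continue
        if direction == "out":
            pending[(src, dst)] = ts
        else:
            sent = pending.get((dst, src))
            ok = sent is not None and ts - sent <= window
            results.append((src, dst, "solicited" if ok else "unsolicited"))
    return results


if __name__ == "__main__":
    for src, dst, verdict in classify(SAMPLE_LOG):
        print(f"{src} -> {dst}: {verdict}")
```

In the constructed log, the first two replies from the DNS server match queries the PC sent, while the packet to port 1055 and the packet from the router have no matching outbound request.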

Thanks to everyone who responded. I was confusing DNS and DHCP, which the switch does have although I am using a fixed IP address. The strange thing is that I see no difference with access to and from the external DNS server blocked.

Brian

