Subject: Re: ipfilter for LAN<->Net link.
To: None <khym@bga.com>
From: Masami and Ken Nakata <masami@fa2.so-net.or.jp>
List: port-mac68k
Date: 04/03/1997 13:26:23
On Wed, 2 Apr 1997 21:40:51 -0600 (CST),
Dave Huang <khym@bga.com> wrote:
> 
> I'm using NAT also, and it does work great for TCP connections, but UDP
> doesn't work quite as well. For example, if machine A sends out a DNS
> query, the NAT machine adds an entry into the translation table thing, so
> when the reply comes back, it goes to the machine that sent the query. 
> So, that part's fine. Now, when the NAT machine sends out a DNS query, the
> translation entry is still in the table and the reply goes to A, not the
> one doing NAT.

Probably you should run a caching-only name server on your NAT machine,
and have all your internal machines look up the NAT machine for names.

I don't run ipfilter on my configuration, so it may not apply that
well, but a similar configuration works at the site I helped set up a
while back.  They have a firewall (w/ NAT, of course) running BSD/OS
and TIS's Gauntlet, and a bunch of client PCs inside the FW.  Well,
the firewall really doesn't run as just a caching-only server, but as
their primary name server, though.

Ken
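A constructed model of the UDP translation-table behaviour Dave describes, and of the caching-resolver arrangement Ken suggests, added here as an illustration; it is not ipfilter's code nor anything posted in the thread. The `strict` flag, the addresses and the port numbers are assumptions made for the simulation.

```python
from dataclasses import dataclass

NAT_IP, HOST_A, DNS = "203.0.113.1", "192.168.1.10", "198.51.100.53"

@dataclass
class NatEntry:
    inside_ip: str
    port: int        # simplification: the source port is kept on the outside
    remote_ip: str
    remote_port: int

class UdpNat:
    """Toy UDP translation table.  'strict' (a modelling assumption) says whether
    a reply must also match the local port, not just the remote endpoint."""

    def __init__(self, strict):
        self.strict = strict
        self.table = []

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        # An internal host sends out: record the mapping so the reply can be
        # delivered back to it.
        self.table.append(NatEntry(src_ip, src_port, dst_ip, dst_port))
        return NAT_IP, src_port

    def inbound(self, src_ip, src_port, dst_port):
        # A datagram arrives at the external address: decide who receives it.
        for e in self.table:
            if (e.remote_ip, e.remote_port) != (src_ip, src_port):
                continue
            if not self.strict or e.port == dst_port:
                return e.inside_ip, e.port
        return NAT_IP, dst_port  # no mapping: it belongs to the NAT box itself

def dns_scenario(strict):
    """Host A queries an outside resolver, then the NAT box queries it too."""
    nat = UdpNat(strict)
    nat.outbound(HOST_A, 1025, DNS, 53)
    a_reply = nat.inbound(DNS, 53, 1025)  # answer to A's query
    # The NAT box's own query leaves untranslated from its ephemeral port 2048;
    # with a loose lookup its answer is handed to A, as the quoted post describes.
    nat_reply = nat.inbound(DNS, 53, 2048)
    return a_reply, nat_reply

def dns_via_local_resolver(strict):
    """Ken's suggestion: A asks a resolver on the NAT box (internal traffic, not
    translated), which asks outside from its own port; no entry catches the reply."""
    nat = UdpNat(strict)
    return nat.inbound(DNS, 53, 2048)
```

With the loose lookup the NAT box's own answer is misdelivered to A; with a per-port match, or with all internal hosts querying a resolver on the NAT box, the reply reaches the NAT box.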