Kerio Tech Firewall6 User Manual

25.4 Internet links dialed on demand
will be dialed upon a client’s DNS query. If a local DNS server is used, the line will be
dialed upon a query sent by this server to the Internet (the default gateway of the host
where the DNS server is running must be set to the IP address of the WinRoute host).
It follows from the last point that if the DNS server is to run on the WinRoute host, it must be the DNS Forwarder, because the DNS Forwarder can dial the line if necessary.
If there is a domain based on Active Directory in the LAN (domain server with Windows Server 2000/2003/2008), it is necessary to use Microsoft DNS server, because communication with Active Directory uses special types of DNS request. Microsoft DNS server does not support automatic dialing. Moreover, it cannot be used on the same host as DNS Forwarder, as this would cause a collision of ports.
It follows from the facts above that if the Internet connection is to be available via dial-up, WinRoute cannot be used on the same host where Windows Server with Active Directory and Microsoft DNS are running.
If DNS Forwarder is used, WinRoute can dial in response to a client's request if the following conditions are met:
• The destination server must be defined by DNS name so that the application can create a DNS query.
• In the operating system, set the primary DNS server to the IP address of the firewall. In Windows, go to TCP/IP properties in interfaces connected to the LAN and set the IP address of this interface as the primary DNS server.
The Proxy server in WinRoute (see chapter
) also provides direct dial-up connections.
A special page providing information on the connection process is opened (the page is refreshed at short intervals). Upon a successful connection, the browser is redirected to the specified website.
Unintentionally dialed link — application of on-demand dial rules
Demand dial functions may cause unintentional dialing. It is usually caused by DNS queries that are handled by the DNS Forwarder. The following causes apply:
• A user host generates a DNS query in the absence of the user. This traffic may come from an active object on a local HTML page or from an automatic update of an installed application.
• DNS Forwarder performs dialing in response to requests for names of local hosts. Define DNS for the local domain properly (use the hosts system file of the WinRoute host
— for details, see chapter
Note: Undesirable traffic causing unintentional dialing of a link can be blocked by WinRoute
traffic rules (see chapter
). However, the best remedy for any pain is always removal of its
cause (e.g. perform an antivirus check on the corresponding workstation).
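
The two causes of unintentional dialing listed above can be checked against a record of DNS queries, as in this added example (not part of the manual and not Kerio code). The query record format, the local domain company.local, all names and addresses, and the 08:00-18:00 window used as a stand-in for "user present" are assumptions; names defined in the hosts file are treated as answered without dialing.

```python
from datetime import datetime, time

# Constructed hosts file of the WinRoute host; names and addresses are made up.
HOSTS_TEXT = """
192.168.1.1    fw fw.company.local
192.168.1.10   files files.company.local   # file server
"""

# Constructed DNS query records (assumed format): (timestamp, client IP, name).
QUERIES = [
    ("2009-03-02 10:15:00", "192.168.1.21", "www.example.com"),
    ("2009-03-02 10:16:00", "192.168.1.21", "files.company.local"),
    ("2009-03-02 10:17:00", "192.168.1.22", "printer.company.local"),
    ("2009-03-03 02:40:00", "192.168.1.23", "update.example.net"),
    ("2009-03-03 02:41:00", "192.168.1.23", "intranet"),
]

def parse_hosts(text):
    """Return every name defined in hosts-file text, lower-cased."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()       # drop comments
        names.update(n.lower() for n in fields[1:])  # fields[0] is the address
    return names

def classify(name, when, local_names, local_domain, start=time(8), end=time(18)):
    """Say whether a query would dial the link, and why."""
    name = name.lower().rstrip(".")
    if name in local_names:
        return "answered-locally"        # resolved from hosts, no dial
    if "." not in name or name.endswith("." + local_domain):
        return "local-name-not-defined"  # local name forwarded out, dials
    if not (start <= when.time() < end):
        return "unattended-query"        # assumed: user absent at this hour
    return "expected"

def unintended_dials(queries, hosts_text, local_domain):
    """Map client IP -> [(name, reason)] for queries that dial unintentionally."""
    local_names = parse_hosts(hosts_text)
    hits = {}
    for stamp, client, name in queries:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        reason = classify(name, when, local_names, local_domain)
        if reason not in ("answered-locally", "expected"):
            hits.setdefault(client, []).append((name, reason))
    return hits

if __name__ == "__main__":
    print(unintended_dials(QUERIES, HOSTS_TEXT, "company.local"))
```

Names reported as local-name-not-defined are candidates for the hosts file of the WinRoute host; clients reported with unattended-query are the workstations to inspect.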