Mark Symmes <firstname.lastname@example.org> wrote in message
“Steve Munnings, Corman Technologies” wrote:
This is more in the way of an answer than a problem report…
I too cannot get to the NT machines by name, but can do it by address.
I am behind a corporate firewall using NT Server.
It appears that there is NO DNS on the inside of the firewall.
All the local software (mostly Windoze in various flavours) uses WINS to
resolve names, not DNS
(More #$#%#$ Microsoft baloney!)
I can still get out to the Internet using Voyager and proxy server if I
simply set the numeric address of the “insulating” server, and the
appropriate port number.
Apparently there is no “internal” DNS available in many “mostly” MS
networks - they use WINS instead.
I believe that MS suggests this as the “safest” and “most stable” way of
running firewalls using NT Server…
( I may be mistaken, so do not take that statement as gospel)
The dhcp server does not give the dhcp client any dns address for
resolution, and when dhcp client starts up, it will “wipe” any DNS
address because it gets “more up-to-date” information from the dhcp
which says that there is no DNS server running
Thanks. You have steered me in the right direction.
Turns out we have no DNS server on the inside of the firewall. Only WINS.
So I have taken the address that the DHCP server gave me and installed it
manually and will no longer run dhcp.client as per your notes above.
But even after creating a small /etc/hosts file I can not ping by name nor
ip address anything on the outside - I get “ping: sendto: No route to
Can you be more explicit about “using Voyager and proxy server and
setting the numeric address of the insulating server”.
What am I doing wrong?
What you are doing wrong is that you are expecting MS stuff to work in the
most obvious or intuitive way!
The essence of a firewall is to insulate the “inside user” from the
Early firewalls did that by acting as routers and monitoring ports and
addresses and doing whatever censoring they did by not allowing connections
that did not have “blessings”.
MS vision of firewalls seems to be that every application needs to be
re-written to access a proxy port on the firewall server, talk to it using a
new protocol, and then be allowed access to the outside world (through this
port on the server). The server will do all of the name lookup, etc., and
do the actual communication to the outside.
The bottom line is that applications need to be able to talk to “proxy
servers” in order to get out through that kind of firewall.
Voyager is supposed to be able to do this - and in fact does do it. You can
still leave dhcp client running (you probably should, as this is needed for
the MS “inside network” to allocate a dynamically changing IP address to
What you need to do is go to the Edit->Preferences->Connections menu of
Voyager, and tell it to use proxy server for outside access.
Basically set all of the services (except SOCKS) that you see there to the
numeric ip address of your “internet server” machine and use an appropriate
port number also.
(Talk to your network admin to find the IP address of the server, and the
port to use - the port is likely 80)
Once configured in this manner, Voyager will allow you to “surf” the Web by
using the proxy server as its “connection” to the outside world. It (the
Internet server) does all of the name resolution, and the “go-between-ing”
The Package Manager is also supposed to be able to work with proxy server
(but it never prompts me for my user and password) and fails to do so.
As far as I know, those are the only two software packages that are
programmed to use proxy servers. All other services will fail, since they
cannot “break through” the firewall without this particular programming.
Your network can be configured to allow other kinds of “pass-through”
through the firewall, but I bet you will find the network admin very
reluctant to set up any other service. (It seems to be a major pain to get
a reconfigured server working properly again once one “jiggles” the settings
on something as major as adding a new method) MS also seems to encourage a
“proxy server” only method as the most stable and fool-proof firewalling.
This means that ping, traceroute, telnet, ftp, and many other services to
outside ip addresses will not work until they learn to do it through a proxy
This also means - in your case and mine - that the QNX RtP system has no
direct access to domain name resolution services anywhere, either inside or
outside. We have to basically build our own - in the /etc/hosts file. That
is only of any good for addresses that you can reach directly (on the
inside). For outside addresses, you must let the proxy server do the name
lookup for you as part of its connection services.
Hope this helps!
(Hey maybe this could be the start of one of those $100.00 articles!