What about name services? Don’t you need to be able to speed dial all those servers on the Internet? Here’s the scoop on DNS and firewalls.
Packet-filtering firewalls can be configured to let your inside DNS servers perform lookups against outside DNS servers (that is, to allow stateful TCP/53 or UDP/53). In this case, standard DNS troubleshooting rules apply. The DNS lookup looks something like this:
1. The client workstation asks the local DNS server to resolve www.jotto.com.
2. The local DNS server can’t find jotto.com locally; it turns to the outside DNS server.
3. The outside DNS server returns the IP address to the local DNS server.
4. The local DNS server returns the IP address to the client workstation.
5. The client workstation attempts ...
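
The stateful TCP/53 and UDP/53 rule described above, modelled as an added example that is not part of the original text: only the local DNS server may open port-53 flows to the outside, and an inbound packet passes only when it mirrors a tracked query. The addresses, the `DnsFilter` and `Packet` names and the one-reply-per-UDP-query behaviour are assumptions made for illustration; real firewalls expire state on a timer.

```python
from dataclasses import dataclass

INSIDE_DNS = "10.0.0.53"   # assumed address of the local DNS server (constructed)
DNS_PORT = 53

@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int

class DnsFilter:
    """Toy model of a stateful rule: resolver may query out, only replies come back."""
    def __init__(self, resolver=INSIDE_DNS):
        self.resolver = resolver
        self.flows = set()   # queries opened from the inside

    def outbound(self, p):
        # Only the local DNS server may start a flow to port 53 outside.
        if p.src == self.resolver and p.dport == DNS_PORT and p.proto in ("udp", "tcp"):
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        return "DROP"

    def inbound(self, p):
        # A reply must mirror a tracked query: same protocol, swapped endpoints.
        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key not in self.flows:
            return "DROP"
        if p.proto == "udp":
            self.flows.discard(key)   # simplification: one reply per UDP query
        return "ACCEPT"

def run_demo():
    fw = DnsFilter()
    query = Packet("udp", INSIDE_DNS, 40001, "198.51.100.7", 53)
    reply = Packet("udp", "198.51.100.7", 53, INSIDE_DNS, 40001)
    spoof = Packet("udp", "203.0.113.9", 53, INSIDE_DNS, 40001)
    direct = Packet("udp", "10.0.0.20", 40002, "198.51.100.7", 53)
    return [
        fw.outbound(query),   # local DNS server asks the outside server
        fw.inbound(spoof),    # wrong source address: no matching state
        fw.inbound(reply),    # genuine answer to the tracked query
        fw.inbound(reply),    # same packet again: state already consumed
        fw.outbound(direct),  # workstation bypassing the local DNS server
    ]
```

Calling `run_demo()` returns the verdict for each constructed packet in order, which is a quick way to see why a lookup fails when a client points at an outside server instead of the local one.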