Security Basics mailing list archives
Re: Can't Resolve from behind firewall
From: michel 'ziobudda' morelli <michel () ziobudda net>
Date: 18 Oct 2002 18:45:11 +0200
Il ven, 2002-10-18 alle 14:41, Dickon Newman ha scritto:
Remember that DNS is UDP port, not a TCP port. I'm not sure about how you've setup your firewall, or if it even makes the distinction between the two (I would hope that it would!).
Only one thing: under CheckPoint FW with IIS 5.0 i need to open DNS-tcp to permit to send email. I don't know why this, but without DNS-tcp I can not to send email. bye
Hope that helps, Dickon... ----- Original Message ----- From: <khayes () eastbay com> To: "Ahmed.Shazly" <ahmed.shazly () hotpop com> Cc: <security-basics () securityfocus com> Sent: Thursday, October 17, 2002 2:42 PM Subject: Re: Can't Resolve from behind firewallHave you tried taking at a look at the network traffic to see if the two DNS servers are even getting past the handshake phase? From the limited information I have, I'd have to venture a guess that they're not. Ken Hayes Network Administrator Eastbay / Footlocker.com Wausau, WI Offices (715) 261-9573 khayes () eastbay com To:<security-basics () securityfocus com>cc: "Ahmed.Shazly" Subject: Can't Resolve from behindfirewall<ahmed.shazly () hotpop com > 10/16/2002 05:15 PM Hi everyone, I Just got a PIX 501 for my company and since they have strict policiesido have to strict usage to port 80, now with the PDM i try permiting outgoing traffic from the my local net on port 80 to any outside port and permit outgoing traffic on port 53 for the DNS to any port since we usetheDNS server of our ISP. the only thing that happens is that i still can't resolve websites and they only work if i use their IP addresses. i do use PAT and i'm not sure wheather it has anything to do with whats going onanysuggestions? Regards, A.Shazly - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --- - - - - - - - - - - - - - - The information in this e-mail, and any attachment therein, isconfidentialand for use by the addressee only. If you are not the intended recipient, please return the e-mail to the sender and delete it from your computer. Although the Company attempts to sweep e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses.
-- -- Perché se Dio è immortale, ha lasciato ben due Testamenti? -- Michel <ZioBudda> Morelli michel () ziobudda net ICQ UIN: 58351764 PR of Linux in Italy http://www.ziobudda.net http://www.phpdev.it
Current thread:
- Re: Can't Resolve from behind firewall khayes (Oct 17)
- Re: Can't Resolve from behind firewall Dickon Newman (Oct 18)
- Re: Can't Resolve from behind firewall michel 'ziobudda' morelli (Oct 18)
- Re: Can't Resolve from behind firewall Sumit Dhar (Oct 21)
- Re: Can't Resolve from behind firewall Jason Kohles (Oct 21)
- Re: Can't Resolve from behind firewall michel 'ziobudda' morelli (Oct 18)
- <Possible follow-ups>
- RE: Can't Resolve from behind firewall Security Newsletters-TM (Oct 17)
- RE: Can't Resolve from behind firewall YashPal Singh (Oct 21)
- Re: Can't Resolve from behind firewall Dickon Newman (Oct 18)