Re: Can't Resolve from behind firewall

[michel 'ziobudda' morelli <michel () ziobudda net>]

Il ven, 2002-10-18 alle 14:41, Dickon Newman ha scritto:
> Remember that DNS is UDP port, not a TCP port.  I'm not sure about how
> you've setup your firewall, or if it even makes the distinction between the
> two (I would hope that it would!).

Only one thing: under CheckPoint FW with IIS 5.0 i need to open DNS-tcp
to permit to send email. I don't know why this, but without DNS-tcp I
can not to send email. 

bye

> Hope that helps,
> Dickon...
>
> ----- Original Message -----
> From: <khayes () eastbay com>
> To: "Ahmed.Shazly" <ahmed.shazly () hotpop com>
> Cc: <security-basics () securityfocus com>
> Sent: Thursday, October 17, 2002 2:42 PM
> Subject: Re: Can't Resolve from behind firewall
>
>
> > Have you tried taking at a look at the network traffic to see if the two
> > DNS servers are even getting past the handshake phase?  From the limited
> > information I have, I'd have to venture a guess that they're not.
> >
> > Ken Hayes
> > Network Administrator
> > Eastbay / Footlocker.com
> > Wausau, WI Offices
> > (715) 261-9573
> > khayes () eastbay com
> >
> >
> >
> >
> >
> >
> >
> >                                        To:
> <security-basics () securityfocus com>
> >                                        cc:
> >               "Ahmed.Shazly"           Subject:  Can't Resolve from behind
> firewall
> >               <ahmed.shazly () hotpop com
> >               >
> >
> >               10/16/2002 05:15 PM
> >
> >
> >
> >
> >
> >
> > Hi everyone,
> >   I Just got a PIX 501 for my company and since they have strict policies
> i
> > do have to strict usage to port 80, now with the PDM i try permiting
> > outgoing traffic from the my local net on port 80 to any outside port and
> > permit outgoing traffic on port 53 for the DNS to any port since we use
> the
> > DNS server of our ISP. the only thing that happens is that i still can't
> > resolve websites and they only work if i use their IP addresses. i do use
> > PAT and i'm not sure wheather it has anything to do with whats going on
> any
> > suggestions?
> >
> > Regards,
> >      A.Shazly
> >
> >
> >
> >
> >
> >
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
> -
> > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
> -
> > - - - - - - - - - - - - - - -
> > The information in this e-mail, and any attachment therein, is
> confidential
> > and for use by the addressee only.  If you are not the intended recipient,
> > please return the e-mail to the sender and delete it from your computer.
> > Although the Company attempts to sweep e-mail and attachments for viruses,
> > it does not guarantee that either are virus-free and accepts no liability
> > for any damage sustained as a result of viruses.
-- 
--
Perché se Dio è immortale, ha lasciato ben due Testamenti?
--
Michel <ZioBudda> Morelli               michel () ziobudda net

ICQ UIN: 58351764                       PR of Linux in Italy
http://www.ziobudda.net                 http://www.phpdev.it