Title: RE: Access-list Problem with UDP Port 53
Correct, when you make a TCP or UDP request on a known port (DNS, SMTP, FTP, etc.; check http://www.isi.edu/in-notes/iana/assignments/port-numbers for a list), the response from the destination is always (supposed to be always) returned on a port greater than 1023. This was the part that confused me: I couldn't figure out if you were trying to block your clients' DNS requests or block outside sources from making DNS requests to your DNS server. Keep tweaking it and if you need any help just ask.
-----Original Message-----
From: Richie, Nathan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 29, 2000 2:59 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Access-list Problem with UDP Port 53

Basically, I am trying to protect the client's network from the Internet. The serial interface is the gateway to their ISP. I fully understand the purpose of access lists, but I am still becoming familiar with the proper configuration for different scenarios to provide the desired results.
 
I received an explanation from another gentleman in our study group. He states that when you receive a DNS query reply, it uses a UDP port greater than 1023. So in order to get DNS responses, I need to open up UDP ports >1023. I will do this using the ISP's DNS servers as the source IP. Hope I made sense here.
 
Thanks for your offer to help.

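To make the rule the thread converges on concrete, here is an added example (not from either poster) that models a Cisco-style stateless, first-match ACL and checks which inbound packets the "permit UDP from the ISP's DNS server port 53 to inside ports >1023" entry lets through. The ISP resolver 192.0.2.53 and the inside network 198.51.100.0/24 are constructed addresses.

```python
# Added example, not from the thread: a stateless first-match ACL evaluator
# that models the inbound rule being discussed. All addresses are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str     # "permit" or "deny"
    proto: str      # "udp", "tcp" or "ip" (ip matches any protocol)
    src: str        # CIDR; "0.0.0.0/0" stands for the keyword "any"
    sport: tuple    # (low, high) inclusive, or None for any port
    dst: str
    dport: tuple
    def matches(self, proto, src, sport, dst, dport):
        if self.proto not in ("ip", proto):
            return False
        if ip_address(src) not in ip_network(self.src):
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        if self.sport and not self.sport[0] <= sport <= self.sport[1]:
            return False
        if self.dport and not self.dport[0] <= dport <= self.dport[1]:
            return False
        return True

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for rule in acl:
        if rule.matches(proto, src, sport, dst, dport):
            return rule.action
    return "deny"

# Applied inbound on the serial interface. Equivalent IOS line (constructed):
#   permit udp host 192.0.2.53 eq 53 198.51.100.0 0.0.0.255 gt 1023
INBOUND = [Rule("permit", "udp", "192.0.2.53/32", (53, 53),
                "198.51.100.0/24", (1024, 65535))]

def dns_reply():            # reply to a client query sent from ephemeral port 33245
    return evaluate(INBOUND, "udp", "192.0.2.53", 53, "198.51.100.10", 33245)

def other_resolver_reply(): # reply from a resolver the ACL does not list
    return evaluate(INBOUND, "udp", "203.0.113.9", 53, "198.51.100.10", 33245)

def outside_query():        # outside host querying an inside DNS server
    return evaluate(INBOUND, "udp", "203.0.113.9", 40000, "198.51.100.10", 53)

def any_src53_to_high_port():  # caveat: stateless, so unsolicited UDP/53 passes too
    return evaluate(INBOUND, "udp", "192.0.2.53", 53, "198.51.100.10", 5000)
```

The last case is the trade-off of a stateless filter: it cannot tell a genuine reply from any other datagram sourced from the listed resolver's port 53, which is why reflexive or stateful inspection (or restricting the source to the ISP's resolvers, as done here) matters.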