At 04:50 PM 1/2/01 -0400, you wrote:
>Hey guys,
>
>I am running Imail on Win2k, I am experimenting with TCP filtering, I have
>opened the following ports:
>
>25 - SMTP
>53 - DNS
>80 - Webmail
>100 - Spellchecker
>110 - POP
>8383 - EZSignup
>
>Imail can send mail to itself without problem, but fails to send mail to any
>other server. I have come to the conclusion that it is a DNS problem since I
>cannot perform nslookups (unless I remove the filtering) from the server. As
>far as I know, port 53 is DNS, I have opened both tcp and udp, anyone have
>any ideas? All other services work as they should, I can surf, signup, etc,
>etc.
>
>Craig Gittens

Your firewall and/or TCP/UDP filtering must permit UDP (but not TCP)
traffic to ports > 1023 on the DNS server. Here's why:

DNS client-to-server query
    source port > 1023; destination port 53

DNS server-to-client response
    source port 53; destination port > 1023

DNS server-to-server query or response
    with UDP on some servers, source & destination port is 53
    with TCP the requesting server will use a port > 1023
    servers that do not use UDP source port 53 are indistinguishable from clients.

Source: "Building Internet Firewalls, (2nd Edition, June 2000)" by Zwicky,
Cooper & Chapman

HTH
----
Don Brown - Dallas, Texas USA Internet Concepts, Inc.
[EMAIL PROTECTED] http://www.inetconcepts.net
PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
----
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
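
The port pairs in the reply above, run through a small model of the filter. This is an added example, not part of the original thread and not IMail or Windows code. It assumes a stateless, default-deny filter applied to inbound packets only; the rule format, the sample port numbers and the source-port variant are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str       # "udp" or "tcp"
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    proto: str
    dst_lo: int
    dst_hi: int
    src_port: Optional[int] = None   # None = any source port

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and self.dst_lo <= p.dst_port <= self.dst_hi
                and (self.src_port is None or p.src_port == self.src_port))

def permitted(rules, packet):
    """Default-deny: an inbound packet passes only if some rule matches it."""
    return any(r.matches(packet) for r in rules)

# The filter from the question: the listed service ports, with 53 open on TCP and UDP.
LISTED = [25, 53, 80, 100, 110, 8383]
ORIGINAL = [Rule("tcp", p, p) for p in LISTED] + [Rule("udp", 53, 53)]
# The fix from the reply: also permit UDP to ports > 1023.
FIXED = ORIGINAL + [Rule("udp", 1024, 65535)]
# Narrower variant (assumes the filter can match on source port): replies from port 53 only.
FIXED_SRC53 = ORIGINAL + [Rule("udp", 1024, 65535, src_port=53)]

# Constructed sample packets arriving at the mail server.
SAMPLES = {
    "dns_reply": Packet("udp", src_port=53, dst_port=3172),    # answer to the server's own lookup
    "smtp_in":   Packet("tcp", src_port=2301, dst_port=25),    # remote host delivering mail
    "stray_udp": Packet("udp", src_port=4000, dst_port=3172),  # unrelated high-port UDP
}

def verdicts(rules):
    """Map each sample packet name to True (permitted) or False (dropped)."""
    return {name: permitted(rules, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in [("original", ORIGINAL), ("fixed", FIXED), ("fixed+src53", FIXED_SRC53)]:
        print(f"{label:12} {verdicts(rules)}")
```

With the original rules the DNS reply is dropped because its destination is the server's high-numbered source port, not port 53. Opening UDP above 1023 lets it through along with any other high-port UDP, which the source-port variant excludes.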