Re: pix firewall and mail server

From: jamesworld@intelligencia.com
Date: 12/05/01


Date: Wed, 05 Dec 2001 09:52:08 -0600
To: "wali" <wali@nile-online.net>, <security-basics@securityfocus.com>
From: jamesworld@intelligencia.com

Do you have a static mapping for that device and does your Access-list
point to the outside IP of that static?

DNS should not stop you from receiving the mails. It helps when you want
to send, but you could point the DNS to another inside machine and handle
it that way.

At 07:50 11/29/01, you wrote:
>Hi,
>I have a Cisco PIX firewall,
>and I only have a mail server (MS Exchange) on NT Server
>and a lot of workstations on NT Workstation.
>I set up NAT for the PCs to work on virtual IPs,
>and only the mail server takes a real IP (the traffic comes to the real IP and the
>firewall passes it to the virtual one).
>I only want outside traffic to come to the mail ports,
>so I opened TCP port 25 and closed all other incoming ports,
>but the server stopped receiving mail.
>When I allow all traffic except ICMP, it works.
>Are there any other ports that should be open to allow the mail server to
>receive mail?
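
A check for the mismatch the reply asks about, as an added example that is not part of the original thread: on a PIX of this era the inbound access-list has to name the outside (global) address of the static, not the server's inside address. The addresses, the ACL name `acl_out` and both sample configs are constructed for illustration.

```python
import re

# Constructed sample configs (documentation addresses, hypothetical ACL name).
BROKEN = """\
static (inside,outside) 203.0.113.10 192.168.1.10 netmask 255.255.255.255
access-list acl_out permit tcp any host 192.168.1.10 eq smtp
access-group acl_out in interface outside
"""
FIXED = BROKEN.replace("host 192.168.1.10 eq", "host 203.0.113.10 eq")

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)", re.M)
ACL_RE = re.compile(
    r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\w+)", re.M)
SMTP = {"smtp", "25"}

def check_inbound_smtp(config):
    """Return a list of findings; an empty list means inbound SMTP lines up."""
    # global (outside) address -> local (inside) address for each static
    statics = {g: l for _, _, g, l in STATIC_RE.findall(config)}
    inside_addrs = set(statics.values())
    # ACLs actually applied inbound on the outside interface
    bound = {name for name, ifc in GROUP_RE.findall(config) if ifc == "outside"}
    findings, smtp_ok = [], False
    for name, dest, port in ACL_RE.findall(config):
        if port not in SMTP:
            continue
        if name not in bound:
            findings.append(f"{name}: not applied to the outside interface")
        elif dest in statics:
            smtp_ok = True  # permit matches the outside IP of a static
        elif dest in inside_addrs:
            findings.append(f"{name}: permits inside address {dest}; "
                            "use the outside IP of the static")
        else:
            findings.append(f"{name}: {dest} has no static mapping")
    if not smtp_ok and not findings:
        findings.append("no access-list entry permits SMTP to a static")
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_inbound_smtp(cfg) or "OK")
```

The parser only understands the three line shapes shown in the samples; entries written with object groups, network masks or the older `conduit` command are outside what it checks.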


