Re: TCP/IP filtering issues...Please help!

From: Brett W. McCoy (bmccoy@chapelperilous.net)
Date: 08/29/02


Date: Thu, 29 Aug 2002 13:33:15 -0500 (EST)
From: "Brett W. McCoy" <bmccoy@chapelperilous.net>
To: Ben Croxton <Ben@AxxessTechnologies.com>

On Wed, 28 Aug 2002, Ben Croxton wrote:

> I am in the process of completely locking down (as much as possible anyway
> ;o) my MS network...All Win2k. In applying TCP/IP filtering rules I ran into
> a problem:
> I set up rules to allow all necessary ports for both internet and intranet
> traffic, and everything works fine with the exception of DNS. Even though I
> opened port 53 TCP/UDP, I am still unable to browse the web without going to
> the specific IP address of a web server. I have not applied these rules to
> all clients yet because of this problem, and am in a hurry to do so. I seem
> to remember reading that even though DNS works on TCP/UDP 53, that responses
> come in on a higher range of ports...not sure if this is correct but it is
> all that I can think of. I am hoping someone out there knows the fix for
> this, I have searched all over google and can't seem to find an answer. If
> this is a simple thing, please excuse my ignorance...TIA :o))

Port 53 is used by a name server to listen to incoming requests. If you
aren't running a nameserver on the machine in question then blocking that
port is a good idea. If you can only access servers by IP address, you
don't have your local DNS configured correctly. Open up a command
window and type 'nslookup'. It should tell you the name of the nameserver
being used. If not, you don't have DNS configured correctly. Check the
properties for your Network Connection. Is this machine a server?

-- Brett
                                          http://www.chapelperilous.net/
------------------------------------------------------------------------
A lot of people I know believe in positive thinking, and so do I.
I believe everything positively stinks.
-- Lew Col
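A small model of the behaviour Ben describes, added here as an illustration and not part of the original thread: it assumes (as his symptoms suggest) that the client-side filter is a stateless inbound permit-list keyed on the local port, so permitting local port 53 admits queries *to* a name server but not replies *from* one, which arrive at the client's ephemeral source port. The IP addresses and port numbers are constructed sample values.

```python
# Added example (not from the original thread). Models why a stateless
# inbound "permit only local port 53" filter breaks DNS on a client that
# runs no name server, and why a rule keyed on the outbound request does not.
# All addresses and ports below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str        # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


CLIENT, RESOLVER = "10.0.0.5", "10.0.0.2"


def dns_exchange(ephemeral_port=1026):
    """Client query from an ephemeral port to the resolver's port 53,
    and the resolver's reply back to that same ephemeral port."""
    query = Packet("udp", CLIENT, ephemeral_port, RESOLVER, 53)
    reply = Packet("udp", RESOLVER, 53, CLIENT, ephemeral_port)
    return query, reply


def stateless_inbound_allowed(pkt, permitted_local_ports):
    """Assumed 'Permit only' behaviour: inspect only the local (destination)
    port of an inbound packet, with no memory of what the host sent out."""
    return pkt.dst_port in permitted_local_ports


class StatefulFilter:
    """Remembers outbound flows so that only the matching reply is accepted."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))

    def inbound_allowed(self, pkt):
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self.flows


def reply_reaches_client(stateful):
    query, reply = dns_exchange()
    if not stateful:
        # Permitting local 53 (plus web ports) does nothing for a reply to port 1026.
        return stateless_inbound_allowed(reply, {53, 80, 443})
    f = StatefulFilter()
    f.outbound(query)
    return f.inbound_allowed(reply)


if __name__ == "__main__":
    print("stateless, local port 53 permitted:", reply_reaches_client(False))  # False
    print("stateful, reply matched to query:  ", reply_reaches_client(True))   # True
```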
