RE: Can't Resolve from behind firewall

From: John Canty (John.Canty@Vibro-Meter.com)
Date: 11/20/02

    Date: Wed, 20 Nov 2002 12:36:50 -0500
    From: "John Canty" <John.Canty@Vibro-Meter.com>
    To: "YashPal Singh" <ysingh@quark.co.in>, "Ahmed.Shazly" <ahmed.shazly@hotpop.com>, <security-basics@securityfocus.com>
    

    Rule number 1 about Cisco devices.

    DO NOT USE GUIs provided by them (or anyone else for that matter) to
    configure their devices. The CLI mode will be harder, yes, but once you
    realize how things are done you'll wish you started out that way.

    //John

    -----Original Message-----
    From: YashPal Singh [mailto:ysingh@quark.co.in]
    Sent: Saturday, October 19, 2002 1:30 AM
    To: Ahmed.Shazly; security-basics@securityfocus.com
    Subject: RE: Can't Resolve from behind firewall

    I think you have not allowed DNS incoming traffic. To debug your problem,
    allow incoming UDP packets from any to your IP address. I guess this is
    the only problem, because the DNS reply from your ISP gets blocked by your
    firewall. Moreover, to check that this problem is just because of the
    firewall, put an allow-all rule at the top and then check if you are able
    to get DNS replies.

    Yash

    -----Original Message-----
    From: Ahmed.Shazly [mailto:ahmed.shazly@hotpop.com]
    Sent: Thursday, October 17, 2002 5:45 AM
    To: security-basics@securityfocus.com
    Subject: Can't Resolve from behind firewall

    Hi everyone,
      I just got a PIX 501 for my company, and since they have strict
    policies I do have to restrict usage to port 80. Now with the PDM I try
    permitting outgoing traffic from my local net on port 80 to any outside
    port, and permit outgoing traffic on port 53 for the DNS to any port,
    since we use the DNS server of our ISP. The only thing that happens is
    that I still can't resolve websites, and they only work if I use their IP
    addresses. I do use PAT and I'm not sure whether it has anything to do
    with what's going on. Any suggestions?

    Regards,
         A.Shazly


