Re: Firewall question

From: "al" <allen@somplace.com>
Date: Fri, 14 Mar 2003 18:31:35 GMT

ok, so I will create an ACL
access-list ACLOUT permit tcp host email-server any eq smtp
access-list ACLOUT permit tcp host email-server host dns-server eq 53
access-list ACLOUT permit udp host email-server host dns-server eq 53
access-group ACLOUT in interface inside
thanks,
al

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:qt647v456m9j937o5ofl2biss5c827tsos@4ax.com...
> On Fri, 14 Mar 2003 18:10:44 GMT, al spoketh
>
> >Really, that's all I need?
> >So that means when we send an email out, our email server will use port 25
> >going out directly to the receiving email server?
> >without resolving to a DNS server going out on port 53?
> >Please verify.
> >Thanks,
> >Al
> >
>
> Well something has to be allowed outbound connections on port 53 for
> name resolution. If your mail server is configured to connect to an
> external DNS server for name resolution, then you need to add port
> 53/UDP and 53/TCP to the list as well.
>
> However, if your mail server is configured to query an internal name
> server, then _that_ server has to be allowed outbound access on port 53.
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)
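The ACL in this thread is short enough to check by hand, but a small first-match evaluator makes two things visible that are easy to miss: the PIX's implicit deny at the end of any applied ACL, and the point Lars raises about which host actually does the outbound DNS lookup. The following Python is an added example, not code from the thread or from Cisco; it parses the three access-list lines al posted, maps the placeholder names `email-server` and `dns-server` to constructed RFC 5737 addresses (standing in for whatever `name` entries or real IPs the PIX would have), and then evaluates sample flows against the list. The host names and addresses are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed name-to-address mapping, standing in for the PIX `name` entries
# (or literal IPs) that the posted ACL's "email-server" / "dns-server" assume.
NAMES = {
    "email-server": "192.0.2.10",
    "dns-server": "198.51.100.53",
}

# Service keywords the PIX accepts in place of a port number.
SERVICES = {"smtp": 25, "domain": 53, "www": 80, "https": 443}

# The ACL exactly as posted in the thread.
ACL_TEXT = """
access-list ACLOUT permit tcp host email-server any eq smtp
access-list ACLOUT permit tcp host email-server host dns-server eq 53
access-list ACLOUT permit udp host email-server host dns-server eq 53
"""


@dataclass(frozen=True)
class Ace:
    action: str                       # permit / deny
    proto: str                        # tcp / udp / ip
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]              # None = any destination port
    line: str                         # original text, for reporting


def _parse_addr(tokens):
    """Consume one address spec (host X | any | A.B.C.D M.M.M.M); return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        addr = NAMES.get(tokens[1], tokens[1])
        return ipaddress.ip_network(addr + "/32"), tokens[2:]
    # Classic PIX syntax: address followed by a subnet mask
    addr = NAMES.get(tokens[0], tokens[0])
    return ipaddress.ip_network(f"{addr}/{tokens[1]}", strict=False), tokens[2:]


def _port(token):
    return SERVICES.get(token) or int(token)


def parse_acl(text, name):
    """Return the ACEs of access-list `name`, in configured order."""
    aces = []
    for raw in text.strip().splitlines():
        t = raw.split()
        if t[:2] != ["access-list", name]:
            continue
        action, proto = t[2], t[3]
        src, rest = _parse_addr(t[4:])
        dst, rest = _parse_addr(rest)
        dport = _port(rest[1]) if rest[:1] == ["eq"] else None
        aces.append(Ace(action, proto, src, dst, dport, raw))
    return aces


def evaluate(aces, proto, src, dst, dport):
    """First-match evaluation; no match falls through to the PIX's implicit deny."""
    s = ipaddress.ip_address(NAMES.get(src, src))
    d = ipaddress.ip_address(NAMES.get(dst, dst))
    for ace in aces:
        if ace.proto not in (proto, "ip"):
            continue
        if s in ace.src and d in ace.dst and ace.dport in (None, dport):
            return ace.action, ace.line
    return "deny", "(implicit deny at end of ACL)"


# Constructed sample flows: the cases the thread discusses, plus the ones
# that bite once ACLOUT is applied inbound on the inside interface.
FLOWS = [
    ("mail server -> remote MTA, tcp/25",          "tcp", "email-server", "203.0.113.25", 25),
    ("mail server -> external resolver, udp/53",   "udp", "email-server", "dns-server", 53),
    ("mail server -> external resolver, tcp/53",   "tcp", "email-server", "dns-server", 53),
    ("mail server -> some other resolver, udp/53", "udp", "email-server", "203.0.113.2", 53),
    ("internal resolver -> external resolver, udp/53 (Lars's case)",
                                                   "udp", "192.0.2.53", "dns-server", 53),
    ("workstation -> web site, tcp/443",           "tcp", "192.0.2.50", "203.0.113.80", 443),
]


def audit(flows=FLOWS):
    """Evaluate every sample flow; return a list of (label, action, matching line)."""
    aces = parse_acl(ACL_TEXT, "ACLOUT")
    return [(label, *evaluate(aces, proto, src, dst, dport))
            for label, proto, src, dst, dport in flows]


if __name__ == "__main__":
    for label, action, line in audit():
        print(f"{action:6}  {label}\n        {line}")
```

Running it shows the three permitted flows, and then three denies that deserve a second look before the `access-group` line goes in: a lookup sent to any resolver other than `dns-server` is dropped, the internal resolver (if the mail server uses one) has no line of its own and is dropped, and, because an ACL applied to an interface replaces the PIX's default "inside can go anywhere" behaviour with first-match-then-deny, ordinary workstation traffic through the inside interface is dropped too. Each of those needs either an explicit permit or a deliberate decision that it should be blocked.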