Re: need help blocking ports on sonicwall router

From: ABS (f_at_f.com)
Date: 06/30/05


Date: Wed, 29 Jun 2005 23:23:00 -0700


"Duane Arnold" <Notme@notme.com> wrote in message
news:B6Mwe.104028$_o.90020@attbi_s71...
> ABS wrote:
>
>> I've got a sonicwall TZ170W and need to block a bunch of ports so users on
>> my network cannot access nntp usenet newsgroup servers over those ports.
>> So should I be blocking outgoing or incoming? I think outgoing, but just
>> want to make sure. The ports I will be blocking are-
>> 119, 53, 23, 25, 9000, 8000, 3128, 563, 443
>
> Most likely outbound will do it.
>
>> I know 25 is smtp for email, so outgoing would be ok to block. 23 outgoing
>> should be ok to block as well. 443 incoming or outgoing I'm not sure
>> since that's https/ssl stuff. 53 is DNS and since I am not running a dns
>> server I'd block incoming right?
>
> You block 53 UDP outbound and no machine behind the router will be able to
> contact the ISP's DNS server to convert URLs or domain names to IP(s) and
> won't be able to connect to a site with a browser as an example.
>
>> Just looking for some clarification
>> please. I'd also like to block domains, but don't know how since my
>> appliance doesn't seem to do that for anything but web domains. If I
>> could block the nntp protocol entirely then it should work out better cus
>> then in newsreader apps they can try to connect over port 80 but still be
>> blocked I have heard.
>
> Just block port 119 as I don't think you can block NNTP by protocol.
>
>> Not sure though. For nntp servers that accept
>> connections over port 80 the only thing I can try is to block the range of
>> IPs from that usenet server, but how would I find their range of IPs they
>> use? newsreader.com is one as well as a couple more servers I'm forgetting
>> right now. So if I know the company, how do I find the IP range they are
>> using for their news servers so I could just block the range?
>
> You might be able to use Arin WhoIs to make that determination of the block
> of IP(S) being used by the ISP. I took the IP to my ISP's NG server and
> entered it and it came back with the list of IP(s).
>
> Duane :)
>
>

I have to do incoming I guess cus outgoing 119 is blocked, but I am right
now on my news server.
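
Added example, not part of the original thread: one way to turn the `NetRange:` lines that an ARIN WHOIS lookup returns into CIDR blocks that can be entered as firewall address objects for an outbound deny rule. The WHOIS text below is constructed and uses RFC 5737 documentation addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the field layout of an ARIN WHOIS reply.
# Addresses are RFC 5737 documentation ranges, not a real provider's.
SAMPLE_WHOIS = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/24
NetName:        EXAMPLE-NEWS-1
OrgName:        Example News Hosting (constructed)

NetRange:       203.0.113.64 - 203.0.113.191
NetName:        EXAMPLE-NEWS-2
OrgName:        Example News Hosting (constructed)
"""

NETRANGE_RE = re.compile(r"^NetRange:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def netranges_to_cidrs(whois_text):
    """Return the smallest set of CIDR networks covering every NetRange line."""
    networks = []
    for first, last in NETRANGE_RE.findall(whois_text):
        start = ipaddress.ip_address(first)
        end = ipaddress.ip_address(last)
        if start.version != end.version or start > end:
            raise ValueError(f"malformed NetRange: {first} - {last}")
        # A range that is not aligned to one prefix becomes several networks.
        networks.extend(ipaddress.summarize_address_range(start, end))
    # collapse_addresses() needs one IP version per call; merge adjacent blocks.
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_covered(ip, cidrs):
    """Check whether a server address falls inside the computed block list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in cidrs)


if __name__ == "__main__":
    for net in netranges_to_cidrs(SAMPLE_WHOIS):
        print(net)
```

Before adding the rule, check the news server addresses that users actually connect to with `is_covered()`, since a provider may host its servers outside the ranges registered under its own name.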


