Re: need help blocking ports on sonicwall router
From: ABS (f_at_f.com)
Date: 06/30/05
- Previous message: Spack: "Re: Security Breach"
- In reply to: Duane Arnold: "Re: need help blocking ports on sonicwall router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Jun 2005 02:02:41 -0700
"Duane Arnold" <Notme@notme.com> wrote in message
news:LSNwe.103663$x96.59627@attbi_s72...
> ABS wrote:
>
>>
>> "Duane Arnold" <Notme@notme.com> wrote in message
>> news:B6Mwe.104028$_o.90020@attbi_s71...
>>> ABS wrote:
>>>
>>>> I've got a sonicwall TZ170W and need to block a bunch of ports so users on
>>>> my network can not access nntp usenet newsgroup servers over those
>>>> ports. So should I be blocking outgoing or incoming? I think outgoing,
>>>> but just want to make sure. The ports I will be blocking are-
>>>> 119, 53, 23, 25, 9000, 8000, 3128, 563, 443
>>>
>>> Most likely outbound will do it.
>>>
>>>> I know 25 is smtp for email, so outgoing would be ok to block. 23 outgoing
>>>> should be ok to block as well. 443 incoming or outgoing I'm not sure
>>>> since that's https/ssl stuff. 53 is DNS and since I am not running a dns
>>>> server I'd block incoming right?
>>>
>>> You block 53 UDP outbound and no machine behind the router will be able
>>> to contact the ISP's DNS server to convert URLs or domain names to IP(s)
>>> and won't be able to connect a site with a browser as an example.
>>>
>>>> Just looking for some clarification
>>>> please. I'd also like to block domains, but don't know how since my
>>>> appliance doesn't seem to do that for anything but web domains. If I
>>>> could block the nntp protocol entirely then it should work out better
>>>> cus then in newsreader apps they can try to connect over port 80 but
>>>> still be blocked I have heard.
>>>
>>> Just block port 119 as I don't think you can block NNTP by protocol.
>>>
>>>> Not sure though. For nntp servers that accept
>>>> connections over port 80 the only thing I can try is to block the range of
>>>> ips from that usenet server, but how would I find their range of ips
>>>> they use? newsreader.com is one as well as a couple more servers I'm
>>>> forgetting right now. So if I know the company, how do I find the ip range
>>>> they are using for their news servers so I could just block the range?
>>>
>>> You might be able to use Arin WhoIs to make that determination of the block
>>> of IP(S) being used by the ISP. I took the IP to my ISP's NG server and
>>> entered it and it came back with the list of IP(s).
>>>
>>> Duane :)
>>>
>>>
>>
>> I guess I don't know what is what in my router. Need to figure out how to
>> get so any computer on my lan and wireless lan can not access wan and
>> whatever port I say. There's so many options for the sonicwall it's
>> confusing. I guess I have to call them.
>
> I concur.
>
> Duane :)
I called and figured out what options to select. They told me the new
sonicos enhanced firmware for the TZ170W was just released on the 24th so I
just upgraded to factory defaults and then configured some stuff. Now I just
have to add these rules for blocking and test it.
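
One way to do the "test it" step from a LAN client once the outbound deny rules are in place, as an added example that is not part of the original posts. `TARGET` is a placeholder host, and `probe`, `resolves` and `audit` are names made up here; the port list is the one from the thread.

```python
"""Egress check to run from a LAN client after adding outbound deny rules."""
import socket

# Port list from the original post. TARGET is a placeholder, not a real server.
BLOCKED_PORTS = [119, 53, 23, 25, 9000, 8000, 3128, 563, 443]
TARGET = "news.example.invalid"

def probe(host, port, timeout=3.0):
    """Try one outbound TCP connect; return 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back (far end, or a rejecting firewall)
    except OSError:
        return "filtered"     # timeout, unreachable or name lookup failure

def resolves(name):
    """True if the client can still turn a name into an address."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except OSError:
        return False          # what you see when DNS on port 53 cannot be reached

def audit(host, blocked, must_work=()):
    """List ports whose observed state disagrees with the intended policy."""
    findings = []
    for port in blocked:
        if probe(host, port) == "open":
            findings.append((port, "LEAK: deny rule not effective"))
    for port in must_work:
        if probe(host, port) != "open":
            findings.append((port, "COLLATERAL: needed service is blocked"))
    return findings

if __name__ == "__main__":
    # Replace TARGET with a server you are allowed to test against.
    print("DNS still works:", resolves(TARGET))
    # Port 80 is not in the block list, so web browsing should still connect.
    for port, problem in audit(TARGET, BLOCKED_PORTS, must_work=[80]):
        print(port, problem)
```

`probe` only exercises TCP, so the UDP 53 case raised in the reply is covered by `resolves` rather than by the port loop.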