Ip Filtering

  • Thread starter Thread starter Larry
  • Start date Start date
L

Larry

I'm running a Win2k server without a firewall. I've been using IP
filtering to provide a modest level of protection. I've added a form
on the site that collects information from customers and emails it to
a certain address. With my current filtering (TCP - 80, 5631 UDP -
5632) the form won't work. An nslookup tells me it can't resolve the
name. I can ping the dns server so I know it's running. If I open all
UDP ports I can do an nslookup and the form works as well. I'm
learning that the reply from the dns server may be on a random port
over 1024. Is this true? I've tried opening UDP 53 but that didn't
work.
Since I'm always sending mail to the same address, is there anything
like a hosts file I can use for MX name resolution?
Thanks for any help.
 
In
Larry said:
I'm running a Win2k server without a firewall. I've been using IP
filtering to provide a modest level of protection. I've added a form
on the site that collects information from customers and emails it to
a certain address. With my current filtering (TCP - 80, 5631 UDP -
5632) the form won't work. An nslookup tells me it can't resolve the
name. I can ping the dns server so I know it's running. If I open all
UDP ports I can do an nslookup and the form works as well. I'm
learning that the reply from the dns server may be on a random port
over 1024. Is this true?
Click to expand...

Outgoing requests go out on random port over 1024

I've tried opening UDP 53 but that didn't
work.
Click to expand...
you also need TCP 53 open
Since I'm always sending mail to the same address, is there anything
like a hosts file I can use for MX name resolution?
Click to expand...

No you cannot

I would suggest that you use packet filtering in RRAS instead of using the
filter on the interface because it will allow for port redirection on out
going requests.
 
Kevin D. Goodknecht said:
Outgoing requests go out on random port over 1024
Click to expand...

By "outgoing requests" you mean the response from the DNS server is on
a port over 1024? So on my machine, as a client I would open all
incoming ports to the IP address of my DNS servers?
 
In
Larry said:
By "outgoing requests" you mean the response from the DNS server is on
a port over 1024? So on my machine, as a client I would open all
incoming ports to the IP address of my DNS servers?
Click to expand...

What I mean is when your DNS server has to do a lookup for an external name
it connects from a port above 1024 to port 53 so you need ports above 1024
open for outgoing connections.
This goes the same for all applications making out going connections.
Take IE for instance, when you open a website it connects to port 80, but it
will connect from a port above 1024.

This is the problem with the packet filtering in TCP/IP properties on the
interface if you only have port 80 open then that is the only port open for
outgoing connections, too. If the rest of the ports are closed they are
closed both ways.
254018 - How to Configure Input Filters for Services That Run Behind Network
Address Translation
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q254018
 
Back
Top