TCP/IP Filtering

Todd Ellington

Does TCP/IP Filtering block inbound AND outbound traffic or only inbound
traffic?
 
It only blocks inbound traffic and also allows return traffic from outbound
initiated TCP traffic. IPsec filtering can be used to control traffic in
both directions but the rules are sometimes a bit difficult to figure out as
the order of the rules does not matter. A specific rule overrides a general
rule type scheme. --- Steve
 
The problem I'm experiencing is that with Filtering enabled, the server
isn't able to resolve names. This wouldn't be much of a problem except the
mail server will not send mail out to any domains it doesn't host itself.
I've got all the standard ports opened for a web server, including port 53
(TCP & UDP) and UDP port 1024, thinking those were the ones for DNS...
 
The problem I have noticed is that IP filtering does not check the state of
the connection for UDP and when you send a request for DNS name resolution
outbound on port 53 UDP, the DNS server will respond to your computer on the
randomly selected above 1024 inbound port and that return connection is
being blocked, thus no name resolution. --- Steve
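
The behaviour described in the replies above, as an added example that is not part of the original thread and is not Windows code: a simplified Python model of an inbound-only port filter that recognises TCP return traffic but matches UDP on destination port alone. The addresses, the source ports 1029 and 1030, the TCP port list and the `track_udp` variant are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Constructed documentation-range addresses, not taken from the thread.
SERVER, RESOLVER, REMOTE_MX = "192.0.2.10", "198.51.100.53", "203.0.113.25"

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class InboundFilter:
    """Simplified model: inbound-only allow list keyed on destination port."""
    def __init__(self, tcp_ports, udp_ports, track_udp=False):
        self.allowed = {"tcp": set(tcp_ports), "udp": set(udp_ports)}
        self.track_udp = track_udp  # hypothetical stateful variant, for contrast
        self.flows = set()

    def outbound(self, p):
        # Outbound traffic is never blocked. Only flows whose replies the
        # filter recognises are remembered: always TCP, UDP only if tracked.
        if p.proto == "tcp" or self.track_udp:
            self.flows.add((p.proto, p.src_port, p.dst_ip, p.dst_port))

    def inbound(self, p):
        if p.dst_port in self.allowed[p.proto]:
            return True
        # Otherwise the packet must mirror a remembered outbound flow.
        return (p.proto, p.dst_port, p.src_ip, p.src_port) in self.flows

def reply_delivered(fw, proto, peer_ip, peer_port, local_port):
    """Send one packet out from local_port, then test the peer's reply."""
    fw.outbound(Packet(proto, SERVER, local_port, peer_ip, peer_port))
    return fw.inbound(Packet(proto, peer_ip, peer_port, SERVER, local_port))

def demo():
    # UDP 53 and 1024 are the ports named in the thread; the TCP list is assumed.
    ports = dict(tcp_ports=[25, 53, 80], udp_ports=[53, 1024])
    stateless = InboundFilter(**ports)
    stateful = InboundFilter(**ports, track_udp=True)
    return {
        "dns_udp_from_1029": reply_delivered(stateless, "udp", RESOLVER, 53, 1029),
        "dns_udp_from_1024": reply_delivered(stateless, "udp", RESOLVER, 53, 1024),
        "smtp_tcp_from_1030": reply_delivered(stateless, "tcp", REMOTE_MX, 25, 1030),
        "dns_udp_tracked": reply_delivered(stateful, "udp", RESOLVER, 53, 1029),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'delivered' if ok else 'blocked'}")
```

In this model the DNS reply gets through only when the query happened to leave from UDP port 1024, which is why opening that single port does not restore name resolution.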
 