Jon Earle wrote:
>
> Folks,
>
> If I implement packet filters on my firewall to allow DNS queries to enter,
> should I be concerned about packets with both the source _and_ destination
> ports set to 53?

You should _NOT_ be enforcing port 53 as source port, as many firewalls
will translate the source port 53 to something high.

Apple recently tried allowing 53 and 1024-65535 but ended up blocking
all firewall-1 users since fw-1 tries to translate low source ports
into other low source ports, i.e. 53 ended up somewhere
above 512 but below 1024.

Conclusion:
Allow ANY source port for your DNS queries.

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50
Mobile: +46 (0)70 248 00 33
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
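
The effect described in the reply above, as an added example that is not part of the original message: a small Python model of three inbound filter policies for traffic to port 53, run against constructed query packets. The policy names, the `Packet` type and the sample source ports (33012, 611) are assumptions made for illustration.

```python
"""Compare three source-port policies for inbound DNS queries (constructed data)."""
from dataclasses import dataclass

DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    sport: int   # source port as seen by the filter, i.e. after any NAT upstream
    dport: int
    note: str


# Each policy lists the (low, high) source-port ranges it accepts for port 53 traffic.
POLICIES = {
    "sport 53 only": [(53, 53)],
    "sport 53 or 1024-65535": [(53, 53), (1024, 65535)],
    "any sport": [(0, 65535)],
}

# Constructed sample queries, one per case mentioned in the thread.
SAMPLES = [
    Packet("udp", 53, 53, "untranslated server-to-server query"),
    Packet("udp", 33012, 53, "source port translated to a high port"),
    Packet("udp", 611, 53, "source port 53 translated to a low port (512-1023)"),
]


def allowed(ranges, pkt):
    """True if the packet is DNS-bound and its source port is in an accepted range."""
    if pkt.proto not in ("udp", "tcp") or pkt.dport != DNS_PORT:
        return False
    return any(lo <= pkt.sport <= hi for lo, hi in ranges)


def dropped(policy_name):
    """Notes of the legitimate sample queries that the named policy would drop."""
    ranges = POLICIES[policy_name]
    return [p.note for p in SAMPLES if not allowed(ranges, p)]


if __name__ == "__main__":
    for name in POLICIES:
        lost = dropped(name)
        print(f"{name:24} drops {len(lost)}: {lost}")
```

Only the "any sport" policy passes all three legitimate queries; the destination port check is what restricts the rule to DNS.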