I don't get your question 100%, but this might help.
Port 25 is the standard port for SMTP exchanges, 53 for DNS. These are not absolute requirements but they are conventions in common use.
If a remote mail server wants to talk to your server, it will use port 25, except in exceptional (pre-agreed) circumstances. Sending an SMTP request on some other port is possible (if your software is sufficiently flexible) but the packets have to arrive at a mail server listening on that port. In general, they don't. You do not normally have control over what port a remote server will try to talk to your mail server on, so you use the standard. A mail server (out of the box) will use port 25 for SMTP and you would have to reconfigure it to get it to listen on a different port (it probably only listens on one port).
The reasons for using nonstandard ports for most protocols are rare, but they are usually for obfuscation-type purposes, or to get multiple versions of a protocol onto a single IP address. They are used a bit in the HTTP arena, e.g. for so-called "virtual servers", where a single server machine serves different sites or sections of a site on different ports. However, the requesting browser must specify the port, like http://vbox2.xyz.com:8099/ to use port 8099. Generally, this is avoided where the user must type the site name because it's easier to get it wrong - better to use the standard - but that's not a problem where the address comes from a link.
There are various uses for non-standard ports. Sometimes using a non-standard port can be a way of hiding something, like a higher-security part of a site. However, this might hide it from the casual browser, but it's not real security; if anyone scans the system, they'll find it.
Normally, you wouldn't bother with non-standard ports unless you have a specific purpose. And you certainly can't expect anyone on the internet to know your nonstandard port usage unless you specifically tell them.
If your mail server is in your protected network, e.g. so internal mail doesn't have to traverse the firewall (twice), then the simplest way to set it up is to assign an alias address at the firewall, then create a tunnel through to the mail server. Use all standard port numbers. Turn on the tunnel automatic filter, so you don't need to create a filter yourself. (I'm not sure if automatic filters are on all GNAT versions; if not, upgrades are cheap!)
e.g.: alias 203.21.32.16, tunnel 203.21.32.16 port 25 to 10.1.1.4 port 25. (203.21.32.x is internal, 10.1.1.0 internal)
In your dns zone file you would put the external address in the mail exchanger record,
xyz.com. IN MX 10 mail.xyz.com.
then
mail.xyz.com. IN A 203.21.32.16
You might also like to put in a record for the internal address of the mail server, for internal use (only):
imail.xyz.com. IN A 10.1.1.4
Same answer for DNS on port 53.
Hope this helps
Jim Birch
Multinode Computing
[EMAIL PROTECTED]
>If I am setting up a remote access filter for a mail server should I
>require that all traffic destined for port 25 on my server come from
>port 25 on the other server? Same question on DNS (port 53).
>
>Thanks
>
>Tom Harmon, Network Manager - mailto:[EMAIL PROTECTED]
>Eau Claire Area School District - http://www.ecasd.k12.wi.us
>500 Main Street - voice: 715-833-5513 fax: 715-833-3481
>Eau Claire, WI 54701
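The thread asks whether a remote-access filter for port 25 should also require the remote side to come from port 25. The following is an added example, not part of the original message or of any firewall product: a small Python model of the alias/tunnel setup Jim describes (203.21.32.16 port 25 tunnelled to 10.1.1.4 port 25, the only addresses taken from the message) with two candidate filters run over constructed connection attempts. The remote addresses, source ports and the function names are all assumptions made for the example. It shows why a destination-only filter is the right shape: a remote MTA opens its TCP connection from an ephemeral source port, so a filter that also demands source port 25 rejects ordinary mail delivery while letting through only the rare case where the peer happens to bind port 25.

```python
"""Model of a firewall alias/tunnel plus a remote-access filter for SMTP.

Constructed example. Only 203.21.32.16 (firewall alias) and 10.1.1.4
(internal mail server) come from the thread; the remote addresses, ports
and all names below are invented for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Conn:
    """One inbound TCP connection attempt as the firewall sees it."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Tunnel table from the message: (alias address, port) -> (internal address, port)
TUNNELS = {("203.21.32.16", 25): ("10.1.1.4", 25)}


def tunnel(conn: Conn) -> Optional[Conn]:
    """Rewrite the destination as the tunnel would; None if no tunnel matches."""
    target = TUNNELS.get((conn.dst_ip, conn.dst_port))
    if target is None:
        return None
    return Conn(conn.src_ip, conn.src_port, target[0], target[1])


def filter_dst_only(conn: Conn) -> bool:
    """Destination-only filter: accept traffic for a tunnelled (address, port),
    whatever source port the remote host chose."""
    return (conn.dst_ip, conn.dst_port) in TUNNELS


def filter_src_and_dst(conn: Conn) -> bool:
    """The filter the question proposes: additionally require the remote
    source port to equal the service port (25 for SMTP)."""
    return filter_dst_only(conn) and conn.src_port == conn.dst_port


# Constructed connection attempts from a hypothetical remote MTA.
SAMPLE: List[Conn] = [
    Conn("198.51.100.7", 40123, "203.21.32.16", 25),   # normal: ephemeral source port
    Conn("198.51.100.7", 25, "203.21.32.16", 25),      # rare: peer bound source port 25
    Conn("198.51.100.7", 40124, "203.21.32.16", 8099), # no tunnel on this port
]


def evaluate(conns: List[Conn]) -> List[Tuple[bool, bool]]:
    """Return (destination-only verdict, source-and-destination verdict) per connection."""
    return [(filter_dst_only(c), filter_src_and_dst(c)) for c in conns]


if __name__ == "__main__":
    for c, (dst_ok, both_ok) in zip(SAMPLE, evaluate(SAMPLE)):
        print(f"{c.src_ip}:{c.src_port} -> {c.dst_ip}:{c.dst_port}  "
              f"dst-only={dst_ok}  src+dst={both_ok}  tunnelled-to={tunnel(c)}")
```

The first sample connection is what a real delivery looks like; only the destination-only filter passes it. The same model applies unchanged to a port 53 tunnel, since the filter keys on the tunnelled (address, port) pair rather than on the protocol.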