On Jul 7, 2012, at 5:44 PM, Keith Medcalf wrote: >> "What's the problem with using 255.255.255.247 as a subnet mask if you >> want to make a LAN subnet with 12 hosts?" >> (5 word answer) > > Unemployment Office Is That Way -> > > Is the only 5 word answer I could come up with. The correct answer "invalid > netmask", is only two words. >
LoL... Even if you allowed for discontiguous subnet masks, you'd need to use 255.255.255.243 and not 255.255.255.247 to achieve 12 hosts. Not sure what 5 word answer you're looking for, but Keith's answer and mine are the two most obvious issues I can think of. > >> "What TCP destination port numbers should be allowed through the >> perimeter stateful firewall device to and from a mail server whose >> only purpose is to proxy SMTP mail from internal sources?" >> (one number answer) > > Short Answer: There is no answer to the question that can be expressed in > one number. Sure there is, if you count "none" as a number. > Outbound connections to TCP destination port 25 only. Returning traffic > (including associated ICMP) should be automatically handled by your stateful > inspection firewall. If not, you need to buy a better firewall. I'd allow 25 and 465 outbound, myself. No reason to block SSL if the remote side offers the capability. ICMP wouldn't be a TCP destination port number anyway. > Any applicant who provides any answer should the rejected out of hand as (a) > being unable to read (b) being a threat to security. LoL... Some truth to that. Owen
