Gabriel,

That's odd about Smoothwall requiring a DNS port open in order to browse the web. Can't imagine why that would cause unknown page errors if it were closed.

I'm using Outlook 2003, but even Outlook Express has the option to require that the pop3 port use encryption. It's in the Account options, and finally Advanced tab. (the exact location varies by client) Check the box and port 995 appears as default. Then just have to open that port on the firewall. Seems to be built into QT... Most clients support it besides Outlook.

-----Original Message-----
From: Gabriel Lai Yong Shern - E Technology [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 29, 2005 3:30 PM
To: [email protected]
Subject: Re: [qmailtoaster] open dns ports...

Hi Lynn,

It depends how you configure your firewall system. I have my Smoothwall Corporate version running, and it's integrated with a module called SmoothAuth, where every user will be given a user name and password. Without keying in any user name & password, they can't do anything browsing, Instant messaging or any P2P downloads.

Let's say User A, I allow him Port 80 only for browsing. I will still have to open Port DNS Query for in return packet. Otherwise, many pages will be Unknown Page, unless certain pages are cached by the Proxy Server.

Firewall system is to prevent your network being hacked into. However, I don't think that there is a firewall system that can give you a 100% confirmation that no hackers can hack in. However, as an Administrator, we have to monitor the activities of the network traffic.

You may do a testing on it, without Opening DNS Port for your network, you'll know the results, it returns very very slow.

Oh ya, if possible, please advise me on how can I turn my QT to run in a safe port - SSL.

Cheers,
Gabriel

Lynn wrote:

>Gabriel Lai,
>
>The system works fine with those ports closed on the LAN firewall.
>I just didn't want to block them if there was a reason for them to be
>open.
>
>Generally, you want to keep as many ports closed as possible.
>Please keep in mind - opening ports on a firewall tends to be done to
>allow the world in. It's not done to allow traffic out. But of course
>I'm talking basic router/firewall equipment.
>
>The more expensive stuff requires specifically allowing traffic in
>either direction. Too much work as far as I'm concerned.
>
>DNS seems too much of a security threat to me. It hands out
>information. Info that there's no need for the world to know. Same is
>true for the Windows file sharing ports.
>
>All this came about because I've had to set up the qmail toaster's
>internal firewall by hand. At first, I opened all the ports found in
>the firewall.sh script.
>
>In all the times that I installed Q.T. (while I was learning it), every
>time I ran the firewall.sh script from the website, it killed all
>traffic in and out of the box.
>
>My server only has one nic, and it's all just standard hardware.
>Don't know why the iptables set by the script prevents all traffic.
>I think it's the script...
>
>I even close the 110 tcp pop3 port now, since I can use the 995 ssl
>pop3 port with my wonderful toaster.
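
Added example, not part of the original messages: the thread turns on whether a port has to be "open" for outbound traffic such as DNS lookups to get its replies. On a stateful firewall, replies to connections the host itself started are matched by connection state, so only the services offered to the outside need an inbound rule. The script below prints such a ruleset in iptables-restore format for a single-NIC host; the function names, the conntrack match, the IPv4-only scope and the allow-all OUTPUT policy are assumptions, and this is not the toaster's firewall.sh.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a single-NIC host.
# Assumptions (not from the thread): conntrack match available, IPv4 only,
# all outbound traffic allowed by policy.

# valid_port PORT -> succeeds only if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset PORT... -> print the ruleset; new inbound TCP connections
# are accepted only on the listed ports, everything else inbound is dropped.
build_ruleset() {
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Local daemons talk to each other over loopback.
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to traffic this host started (DNS answers, fetched pages)
    # are admitted by state, so no inbound port 53 rule is needed for them.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed usage: only SSL POP3 (995, as named in the thread) is offered;
# 110 and 53 get no inbound rule. A real host lists every port it serves.
build_ruleset 995
```

The output can be piped through `iptables-restore --test` as root to have it parsed without being applied.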
