On Tue, Dec 04, 2001 at 11:42:15AM -0700, Mike V wrote:
> I was under the impression that 53/tcp was for zone xfers, and 53/udp was
> for queries, so you may want to confirm to avoid opening more than you need
> to.
> 
Your impression is close: TCP is generally used for zone transfers, but only
by coincidence, not by design.  TCP is used any time the record exceeds the
maximum UDP packet size. On many servers this will only occur during zone
transfers, but you can also hit this when getting back large answers, such
as round-robin entries that point to many hosts.


> Mike
> 
> ----- Original Message -----
> From: "Sa?a Popravak" <[EMAIL PROTECTED]>
> To: "wali" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, December 03, 2001 1:51 AM
> Subject: Re: pix firewall and mail server
> 
> 
> > You should also open ports 53/tcp and 53/udp for dns queries so one can find
> > your mail server by checking MX record from your dns.
> >
> > Best wishes,
> > Pope
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "wali" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, 29.November 2001 14:50
> > Subject: pix firewall and mail server
> >
> >
> > > hi
> > > i have a cisco pix firewall
> > > and i only have a mail server (MS Exchange) on nt server
> > > and a lot of workstations on nt workstation
> > > i made a nating for the pcs to work in virtual ips
> > > and only the mail server takes a real ip (the traffic comes to the real and the
> > > firewall passes it to the virtual)
> > > and i only want the outside traffic to come to mail ports only
> > > so i opened the 25 tcp port and closed any other incoming ports
> > > but the server stopped receiving mails
> > > when i allow all traffic except icmp it works
> > > are there any other ports that should be open to allow the mail server to
> > > receive mails
> > >
> > >
> >
> >
> >

-- 
Jason Kohles                                 [EMAIL PROTECTED]
Senior System Architect                      (703)786-8036 (cellular)
Red Hat Professional Consulting              (703)456-2940 (office)
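
The size rule described in the reply above, as an added example that is not part of the original thread: it builds round-robin A responses, applies the classic 512-byte UDP limit, and shows when a client has to retry over 53/tcp. The name mail.example.com, the 192.0.2.x addresses, the TTL and the helper names are constructed for illustration, and the truncation step is a simplification.

```python
import struct

UDP_LIMIT = 512   # classic DNS payload limit over UDP (RFC 1035, no EDNS0)
TC_FLAG = 0x0200  # "truncated" bit in the header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(name, addresses, txid=0x1234):
    """Build a DNS response carrying one A record per address."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addresses:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer back to the name at offset 12
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    return header + question + answers

def fit_to_udp(message):
    """Server side, simplified: an oversized reply is cut back to header plus
    question and marked truncated (real servers may keep a partial answer)."""
    if len(message) <= UDP_LIMIT:
        return message
    txid, flags, qdcount = struct.unpack("!HHH", message[:6])
    end = 12
    while message[end] != 0:          # walk the labels of the question name
        end += message[end] + 1
    end += 1 + 4                      # zero byte, then QTYPE and QCLASS
    header = struct.pack("!HHHHHH", txid, flags | TC_FLAG, qdcount, 0, 0, 0)
    return header + message[12:end]

def needs_tcp_retry(udp_reply):
    """Client side: a set TC bit means the query must be repeated over 53/tcp."""
    (flags,) = struct.unpack("!H", udp_reply[2:4])
    return bool(flags & TC_FLAG)

def round_robin(count):
    """Constructed sample data: `count` addresses from the 192.0.2.0/24 test net."""
    return ["192.0.2.%d" % i for i in range(1, count + 1)]

if __name__ == "__main__":
    for count in (4, 29, 30):
        full = build_response("mail.example.com", round_robin(count))
        reply = fit_to_udp(full)
        print(count, "records:", len(full), "bytes, TCP retry:", needs_tcp_retry(reply))
```

With 53/tcp closed at the firewall, the 30-record case is the one that breaks: the UDP reply arrives with no answers and the follow-up TCP query never completes.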
