Re: DNS Help

  • From: Raji Arulambalam <rajia@xxxxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 7 Feb 2002 09:23:36 +1300

Hi Jim

Here is how they are defined.
The external NIC has multiple IP#s.

Packet Filter Name : DNS filter

        Enabled : True
        Filter Mode : Allow
        Predefined Filter : DNS Lookup
        Local Computer Filter Applies to : Default External IP
        Remote Computer Filter Applies to : All Remote Computers

Packet Filter Name : DNS Query

        Description : Created by RA 9/8/01. Q291662
        Enabled : True
        Filter Mode : Allow
        Filter Type : Custom
        Protocol : UDP
        Direction : Inbound and Outbound
        Local Port : 53
        Remote Port : Any Port
        Local Computer Filter Applies to : Default External IP
        Remote Computer Filter Applies to : All Remote Computers

Packet Filter Name : DNS TCP

        Description : Created by RA 9/8/01. Q292278
        Enabled : True
        Filter Mode : Allow
        Filter Type : Custom
        Protocol : TCP
        Direction : Outbound
        Local Port : Any Port
        Remote Port : 53
        Local Computer Filter Applies to : Default External IP
        Remote Computer Filter Applies to : All Remote Computers

Packet Filter Name : DNS Zone Transfer

        Description : Created by RA 9/8/01. Q291662
        Enabled : True
        Filter Mode : Allow
        Filter Type : Custom
        Protocol : TCP
        Direction : Inbound and Outbound
        Local Port : 53
        Remote Port : Any Port
        Local Computer Filter Applies to : Default External IP
        Remote Computer Filter Applies to : All Remote Computers

---------------------------------------------
  Raji Arulambalam       
  Systems Administrator          
  Bay of Plenty REGIONAL Council 
  P O Box 364 Whakatane.
  NEW ZEALAND  
  Phone: 0800 ENV BOP (0800 368 267) +64 7 922 3390
  Fax:    0800 ENV FAX (0800 368 329) +64 7 922 3393
  http://envbop.govt.nz
--------------------------------------------
[Unix] is not necessarily evil, like OS/2.  - Peter Norton



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Thursday, 7 February 2002 4:15 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: DNS Help




Those are all DNS queries (UDP-53) and one SMTP packet from 192.146.150.3
(TCP-25).

What's happening is that the PF service is rejecting the packets.
Exactly how are your packet filters defined?

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: "Raji Arulambalam" <rajia@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, February 05, 2002 19:44
Subject: [isalist] DNS Help




Hi

I am hosting a DNS server on the ISA server. I have set up packet filters
etc as in KB articles Q292278, Q291662 to answer DNS queries and zone
transfers.

Can someone explain why these are blocked and what they mean? They are taken
from the Packet Filter logs.
2/6/2002, 0:02:55, 62.168.72.75, 192.146.150.10, Udp, 2656, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:00, 62.168.72.75, 192.146.150.10, Udp, 2647, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:04, 62.168.72.75, 192.146.150.10, Udp, 2647, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:12, 62.168.72.75, 192.146.150.10, Udp, 2664, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:17, 62.168.72.75, 192.146.150.10, Udp, 2664, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:21, 62.168.72.75, 192.146.150.10, Udp, 2664, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:46, 192.146.150.3, 210.48.22.151, Tcp, 59309, 25, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:52, 62.168.72.75, 192.146.150.10, Udp, 2668, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:57, 62.168.72.75, 192.146.150.10, Udp, 2668, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:04:01, 62.168.72.75, 192.146.150.10, Udp, 2668, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:39:56, 195.101.94.7, 192.146.150.100, Udp, 1688, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:49:42, 203.97.32.5, 192.146.150.100, Udp, 37898, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:37:24, 209.81.9.151, 192.146.150.100, Udp, 2871, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:12:02, 208.24.179.207, 192.146.150.100, Udp, 52983, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:36, 202.7.15.13, 192.146.150.100, Udp, 59100, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:40, 202.7.15.13, 192.146.150.100, Udp, 59100, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:41, 202.7.15.13, 192.146.150.100, Udp, 59100, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:45, 202.7.15.61, 192.146.150.100, Udp, 62862, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 15:09:45, 202.7.15.61, 192.146.150.100, Udp, 62862, 53, -, BLOCKED, 192.146.150.3, -, -

If these are for reverse lookups (there are mail systems that now do these
before accepting mail), how do I allow it?

Thanks

---------------------------------------------
  Raji Arulambalam
  Systems Administrator
  Bay of Plenty REGIONAL Council
  P O Box 364 Whakatane.
  NEW ZEALAND
  Phone: 0800 ENV BOP (0800 368 267) +64 7 922 3390
  Fax:    0800 ENV FAX (0800 368 329) +64 7 922 3393
  http://envbop.govt.nz
--------------------------------------------
Ed Rooney:  I don't trust this kid any farther than I can throw him. Grace:
With your bad knee Ed, you shouldn't throw anybody.
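
The check below is an added example, not part of the original thread or of ISA Server: it replays lines from the posted log against the four filters listed in the reply to show which filter field fails to match each blocked packet. It assumes that "Default External IP" means 192.146.150.3 (the interface address logged in every line), that a filter scoped to it does not cover the NIC's other addresses, and that the predefined DNS Lookup filter is outbound UDP to remote port 53; `evaluate` and `summarize` are hypothetical names.

```python
from collections import Counter

# Assumption: "Default External IP" is 192.146.150.3, the interface address in
# the tenth field of every log line; the thread does not state it outright.
DEFAULT_EXTERNAL_IP = "192.146.150.3"

# Filters from the reply: (name, protocol, directions, local port, remote port).
# None means "Any Port". The predefined "DNS Lookup" filter is modelled as
# outbound UDP to remote port 53, which is an assumption about its definition.
FILTERS = [
    ("DNS filter", "udp", {"out"}, None, 53),
    ("DNS Query", "udp", {"in", "out"}, 53, None),
    ("DNS TCP", "tcp", {"out"}, None, 53),
    ("DNS Zone Transfer", "tcp", {"in", "out"}, 53, None),
]

# Three lines copied from the posted packet filter log.
SAMPLE_LOG = """\
2/6/2002, 0:02:55, 62.168.72.75, 192.146.150.10, Udp, 2656, 53, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:03:46, 192.146.150.3, 210.48.22.151, Tcp, 59309, 25, -, BLOCKED, 192.146.150.3, -, -
2/6/2002, 0:39:56, 195.101.94.7, 192.146.150.100, Udp, 1688, 53, -, BLOCKED, 192.146.150.3, -, -
"""
# Constructed line for contrast (not from the log): a query sent to the default
# external IP itself. The action field is left as "-"; the model ignores it.
CONSTRUCTED_LINE = "2/6/2002, 0:40:00, 198.51.100.7, 192.146.150.3, Udp, 1700, 53, -, -, 192.146.150.3, -, -"

def evaluate(line):
    """Return (verdict, filter name or None, local IP) for one log line."""
    f = [field.strip() for field in line.split(",")]
    src, dst, proto, sport, dport, iface = f[2], f[3], f[4].lower(), int(f[5]), int(f[6]), f[9]
    # A packet sourced from the interface address is outbound; the rest are inbound.
    if src == iface:
        direction, local_ip, local_port, remote_port = "out", src, sport, dport
    else:
        direction, local_ip, local_port, remote_port = "in", dst, dport, sport
    for name, fproto, dirs, lport, rport in FILTERS:
        if (fproto == proto and direction in dirs
                and lport in (None, local_port) and rport in (None, remote_port)):
            scoped = local_ip == DEFAULT_EXTERNAL_IP
            return ("allow" if scoped else "wrong-local-ip", name, local_ip)
    return ("no-filter", None, local_ip)

def summarize(log_text):
    """Count log lines per (verdict, filter, local IP) over a whole log."""
    return Counter(evaluate(l) for l in log_text.splitlines() if l.strip())

if __name__ == "__main__":
    for (verdict, name, ip), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {verdict:15s} filter={name} local_ip={ip}")
```

Under these assumptions, the DNS queries to 192.146.150.10 and 192.146.150.100 fit the DNS Query filter's protocol and ports but not its local address scope, and the outbound SMTP packet fits none of the four listed filters.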


