Re: IPSec packet filter for mail server (MDaemon)

From: Markus Mühlich (markus.muehlicht_at__net_cologne.de)
Date: 03/25/04


Date: Thu, 25 Mar 2004 19:11:07 +0100

Hello Christoph,

thank you very much for your reply.

> Traffic to port 53 TCP & UDP must be open.

Yes, I have done that. In addition to the filter rules already mentioned, there are
also two for DNS:

Port 53 - TCP - inbound - allow
Port 53 - UDP - inbound - allow.

The result remains the same, however. The mail server receives no reply, probably
because it arrives on a different UDP port, which is then blocked by the general
filter. If, on the other hand, I change the filter so that it lets UDP through on all
ports, the mail server has no problems.

Is there any way for me to find out which port this UDP traffic comes in on?

Thanks
Markus
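
An added example, not part of the original post: a simplified Python model of a stateless inbound filter, showing why the two port 53 rules above do not match DNS replies and what a reply rule has to match instead. The addresses, the ephemeral port, the first-match rule order and the reading of the posted rules as "destination port 53" are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "block"
    proto: Optional[str] = None     # None matches any value
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.proto, p.proto), (self.src_ip, p.src_ip),
                 (self.src_port, p.src_port), (self.dst_port, p.dst_port))
        return all(want is None or want == got for want, got in pairs)

def decide(rules, packet):
    """Stateless check of one inbound packet: first matching rule wins."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "block"

RESOLVER = "192.0.2.53"   # constructed address of the DNS server the mail server queries
# Constructed packets. A DNS reply leaves the resolver from port 53 and is addressed
# to the ephemeral port the mail server sent its query from (49731 is made up).
DNS_REPLY = Packet("udp", RESOLVER, 53, 49731)
SPOOFED = Packet("udp", "198.51.100.7", 53, 49731)

# The rules from the post, read as "destination port 53", plus the general block.
AS_POSTED = [Rule("permit", "tcp", dst_port=53),
             Rule("permit", "udp", dst_port=53),
             Rule("block")]
# Same set with a reply rule keyed on the resolver address and source port 53.
CORRECTED = AS_POSTED[:2] + [Rule("permit", "udp", src_ip=RESOLVER, src_port=53),
                             Rule("block")]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, "reply:", decide(rules, DNS_REPLY), "spoofed:", decide(rules, SPOOFED))
```

The reply rule is still stateless: it accepts any UDP packet that claims the resolver's address and source port 53, whether or not a query was sent.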


