Re: how to configure public dns/web/mail server in firewall
- From: "Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx>
- Date: Mon, 11 Sep 2006 02:22:52 -0500
micro_xii via WinServerKB.com wrote:
> Greetings:
> I have a SonicWall, or let's say any firewall. How can I configure this
> and protect my servers? Do I need to put them in a DMZ?

No, by putting servers in a DMZ, you greatly increase the attack surface of
your servers available to the internet.

> Can anyone
> recommend the best solutions for me? Right now, I'm using the Windows 2003
> firewall, but I guess it's not enough. Aside from ports 53, 25, 80, what
> other ports should I open?

Ports 53 UDP and TCP need only be open inbound if you host a public DNS zone
on the server. If you are going to do that, you need at least two servers
(provided someone else is hosting a Secondary for you; if not, you need
three). One set of servers would be for inbound public queries, the other DNS
is for local network resolution by DNS. At this time MS DNS servers don't
fully support either network views or selective recursion. Your internal
server that resolves names for your local clients (the server is a client
too) must be able to access any address on the internet on 53 UDP/TCP for it
to use recursion to resolve external names. If you have a DNS server outside
your firewall that the internal server can forward to, you can select "Do
not use recursion" and have only 53 UDP/TCP open to that server. Keep in
mind, stopping your server from using recursion means you should very well
use only an external DNS you can fully trust as a forwarder. These are the
main points to make on DNS behind firewalls.

254018 - How to Configure Input Filters for Services That Run Behind Network
Address Translation:
http://support.microsoft.com/default.aspx?scid=kb;en-us;254018
832017 - Port Requirements for the Microsoft Windows Server System:
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
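
The following is an added example, not part of the original post: a small Python audit that checks a firewall rule list against the DNS layout described in the reply above. The rule format, the `Rule` and `audit_dns_rules` names, and all addresses (documentation ranges) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed addresses; the roles follow the layout in the reply above.
PUBLIC_DNS = "192.0.2.53"     # hosts the public zone, answers inbound queries
INTERNAL_DNS = "10.0.0.53"    # resolves names for local clients
FORWARDER = "198.51.100.53"   # trusted external DNS outside the firewall

@dataclass(frozen=True)
class Rule:                   # hypothetical, simplified allow-rule
    direction: str            # "in" or "out"
    proto: str                # "udp" or "tcp"
    src: str                  # address or "any"
    dst: str
    port: int

def audit_dns_rules(rules, forwarder_only):
    """Return findings for port-53 rules that do not fit the split-DNS layout."""
    findings = []
    dns = [r for r in rules if r.port == 53]
    for r in dns:
        # Inbound 53 belongs only on the server hosting the public zone.
        if r.direction == "in" and r.dst != PUBLIC_DNS:
            findings.append(f"inbound 53/{r.proto} open to {r.dst}, not the public DNS server")
        # With "Do not use recursion", the internal server talks only to the forwarder.
        if (forwarder_only and r.direction == "out"
                and r.src == INTERNAL_DNS and r.dst != FORWARDER):
            findings.append(f"outbound 53/{r.proto} from internal DNS allows {r.dst}")
    # Recursion needs any address; forwarding needs only the forwarder.
    want_dst = FORWARDER if forwarder_only else "any"
    for proto in ("udp", "tcp"):  # both protocols are required on each path
        if not any(r.direction == "in" and r.dst == PUBLIC_DNS and r.proto == proto for r in dns):
            findings.append(f"missing inbound 53/{proto} to the public DNS server")
        if not any(r.direction == "out" and r.src == INTERNAL_DNS
                   and r.dst == want_dst and r.proto == proto for r in dns):
            findings.append(f"missing outbound 53/{proto} from internal DNS to {want_dst}")
    return findings

# Constructed sample rule set with deliberate mistakes.
SAMPLE_RULES = [
    Rule("in", "udp", "any", PUBLIC_DNS, 53),
    Rule("in", "tcp", "any", PUBLIC_DNS, 53),
    Rule("in", "udp", "any", INTERNAL_DNS, 53),      # exposes the internal resolver
    Rule("out", "udp", INTERNAL_DNS, "any", 53),
    Rule("out", "tcp", INTERNAL_DNS, FORWARDER, 53),
    Rule("in", "tcp", "any", "192.0.2.25", 25),      # non-DNS rule, ignored
]

if __name__ == "__main__":
    for mode in (True, False):
        print("forwarder_only =", mode)
        for finding in audit_dns_rules(SAMPLE_RULES, mode):
            print("  -", finding)
```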