[nsp] Re: [nsp] PIX deny UDP

odusseus odusseus@voila.fr
Mon, 14 Oct 2002 17:37:51 +0200


Hi,

> you might want to add tcp also as DNS uses both udp and tcp
> 
> conduit permit udp host 10.10.10.10 eq 53 any
> conduit permit tcp host 10.10.10.10 eq 53 any

I tried, without result. I also modified my access-list; there are no matches for tcp, but there are for udp.

With the udp port an internal host can get answers from the DNS server.
External hosts cannot. The main differences are the routers, the VLANs involved and the PIX.

The last trace of the DNS query from the external host is on the PIX. A tcpdump on the server shows no incoming packets apart from the ICMP ones.

Thank you.

Regards,

Christophe
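Editor's note, added to this archived message and not part of the thread: for readers hitting the same symptom (query seen on the PIX, nothing on the server), the fragment below lists the pieces a PIX 6.x needs before an inbound conduit can match, and the show commands that tell you which piece is missing. It reuses the 10.10.10.10 address from the thread; the interface names (inside, outside) and the identity static are assumptions, since the original configuration is not shown.

```cisco
! Added example, not from the original thread. Assumes a two-interface
! PIX 6.x with interfaces named inside and outside, and that the DNS
! server 10.10.10.10 is reachable from outside under that same address.

! 1. A translation must exist for the server before any inbound conduit
!    or access-list can permit traffic to it. Without an xlate the PIX
!    drops the packet before evaluating the conduit, and the hit count
!    stays at zero. Identity static (global address == local address):
static (inside,outside) 10.10.10.10 10.10.10.10 netmask 255.255.255.255 0 0

! 2. Permit DNS over both transports to the global address. "domain"
!    is the PIX keyword for port 53; "eq 53" is equivalent.
conduit permit udp host 10.10.10.10 eq domain any
conduit permit tcp host 10.10.10.10 eq domain any

! 3. Log denies so a dropped query leaves a 106xxx syslog line instead
!    of disappearing silently.
logging on
logging buffered debugging

! Checks, from enable mode, while an outside client sends a query:
!   show xlate    -> must list Global 10.10.10.10 Local 10.10.10.10;
!                    if absent, the static is wrong or not for this
!                    interface pair and step 1 is the problem.
!   show conduit  -> the hitcnt on the udp (and, for large answers or
!                    zone transfers, tcp) conduit should increase; if it
!                    does not, the packet never reached conduit lookup.
!   show conn     -> an entry for the port 53 flow appears once the PIX
!                    has accepted it; then the drop is past the PIX, on
!                    the inside router, VLAN or server host firewall.
!   show logging  -> any deny line for the client address names the
!                    interface and rule that refused it.
```

One caveat a practitioner would want: on PIX 6.x, conduits and access-list/access-group rules can both be configured for the same interface, and debugging is much simpler if inbound policy for an interface lives in only one of the two. If an access-list is also applied on outside, check its hit counts with show access-list in the same way.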