[c-nsp] 2611xm slowed to crawl, ip based filter...

Bruce Pinsky bep at whack.org
Wed Sep 8 19:59:26 EDT 2004



Jeff Johnson wrote:

| So I have modified per the suggestions of everyone.  Everything looks good.
|
| The one bizarro issue that I am uncertain of is when I turn on the
| firewall rules my outgoing mail server is unable to resolve some domain
| names.  I am having trouble making sense of this because our
| primary name server is inside the firewall.  I am able to dig the names
| fine.  I might chalk it up to a fluke and try again, but just for kicks
| I will float out my config one more time.
|
| I haven't run Nessus with the changes and I think this will be the true
| test.
|


Put a deny statement with logging at the end of your access list to see
what is being blocked.

As I recall, you will probably have to allow UDP packets sourced from port
53 to get DNS to work properly.

--
=========
bep

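Added example, not part of the original post: once a trailing deny entry with logging is in place, the resulting log lines can be summarised to check whether DNS replies (UDP sourced from port 53) are what the list is dropping. It assumes syslog lines in the IOS `%SEC-6-IPACCESSLOGP` format; the ACL number 101, all addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the IOS %SEC-6-IPACCESSLOGP format
# (ACL number 101 and all addresses are made up for illustration).
SAMPLE_LOG = """\
Sep  8 19:41:02: %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(53) -> 192.0.2.10(32771), 1 packet
Sep  8 19:41:05: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(53) -> 192.0.2.10(32774), 3 packets
Sep  8 19:41:09: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.44(4312) -> 192.0.2.25(135), 1 packet
Sep  8 19:41:12: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.80(3301) -> 192.0.2.25(25), 1 packet
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_denies(text):
    """Yield one dict per 'denied' ACL log line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m["action"] == "denied":
            rec = m.groupdict()
            for key in ("sport", "dport", "count"):
                rec[key] = int(rec[key])
            yield rec

def summarize(text):
    """Count dropped packets per (protocol, source port, destination host)."""
    totals = Counter()
    for rec in parse_denies(text):
        totals[(rec["proto"], rec["sport"], rec["dst"])] += rec["count"]
    return totals

def dropped_dns_replies(text):
    """Packets denied with UDP source port 53 (likely DNS answers), per inside host."""
    return {dst: n for (proto, sport, dst), n in summarize(text).items()
            if proto == "udp" and sport == 53}

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(key, n)
    print("DNS replies dropped:", dropped_dns_replies(SAMPLE_LOG))
```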

