[c-nsp] 2611xm slowed to crawl, ip based filter...
    Bruce Pinsky 
    bep at whack.org
       
    Wed Sep  8 19:59:26 EDT 2004
    
    
  
Jeff Johnson wrote:
| So I have modified per the suggestions of everyone.  Everything looks good.
|
| The one bizarro issue that I am uncertain of is when I turn on the
| firewall rules my outgoing mail server is unable to resolve some domain
| names.  I am having trouble making sense of this because our
| primary name server is inside the firewall.  I am able to dig the names
| fine.  I might chalk it up to a fluke and try again, but just for kicks
| I will float out my config one more time.
|
| I haven't run Nessus with the changes and I think this will be the true
| test.
|
Put a deny statement with logging at the end of your access list to see
what is being blocked.
As I recall, you will probably have to allow UDP packets sourced from port
53 to get DNS to work properly.
--
=========
bep
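
An added example, not part of the original message or of the poster's configuration: with a final deny-with-logging entry in place as suggested above, this Python script tallies the router's deny log to show whether DNS answers (UDP from source port 53) are what the access list is dropping. The log lines, addresses and ACL number 101 are constructed, and the message format assumed is IOS's `%SEC-6-IPACCESSLOGP` as written by the `log` keyword (not `log-input`).

```python
import re
from collections import Counter

# Constructed sample of IOS syslog output (documentation addresses), as written
# by a final "deny ip any any log" entry; ACL number 101 is an assumption.
SAMPLE_LOG = """\
Sep  8 19:41:02: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.53(53) -> 198.51.100.25(1034), 1 packet
Sep  8 19:41:07: %SEC-6-IPACCESSLOGP: list 101 denied udp 203.0.113.9(53) -> 198.51.100.25(1035), 3 packets
Sep  8 19:41:09: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.77(4021) -> 198.51.100.25(135), 1 packet
Sep  8 19:41:15: %SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.53(53) -> 198.51.100.25(1036), 2 packets
Sep  8 19:42:00: %SYS-5-CONFIG_I: Configured from console by vty0
"""

DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def parse_denies(text):
    """Return one dict per logged deny hit; non-matching lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            hit = m.groupdict()
            for key in ("sport", "dport", "count"):
                hit[key] = int(hit[key])
            hits.append(hit)
    return hits

def dropped_dns_replies(hits):
    """Count dropped packets that look like DNS answers: UDP, source port 53."""
    totals = Counter()
    for h in hits:
        if h["proto"] == "udp" and h["sport"] == 53:
            totals[(h["src"], h["dst"])] += h["count"]
    return totals

def summarize(text):
    """Return (per-flow dropped DNS reply counts, count of all other denies)."""
    hits = parse_denies(text)
    dns = dropped_dns_replies(hits)
    other = sum(h["count"] for h in hits) - sum(dns.values())
    return dns, other

if __name__ == "__main__":
    dns, other = summarize(SAMPLE_LOG)
    for (src, dst), n in sorted(dns.items()):
        print(f"dropped DNS reply: {src} -> {dst}  packets={n}")
    print(f"other denied packets: {other}")
```

The per-source totals show which name servers the dropped replies come from, so a permit for UDP source port 53 can be scoped to those addresses and to the mail server rather than to any host.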
    
    