firewall blocking 53

Pete Ehlke pde at ehlke.net
Wed Aug 7 17:23:00 UTC 2002


On Wed, Aug 07, 2002 at 09:54:36AM -0700, Armin Safarians wrote:
> 
> Any ideas..?
> AMS :-)

Well, I'd say this is either a... ummm... feature... of Firewall-1, or
your firewall is poorly configured. If it's dynamically blocking ports
based on the fact that some outbound connections time out, then you'll
have to either configure it not to do that, or deal with the
consequences.

-P.

> 
> -----Original Message-----
> From: Armin M. Safarians [mailto:armin.safarians at safeway.com] 
> Sent: Monday, August 05, 2002 3:59 PM
> To: bind users
> Subject: 
> 
> 
> All --
> Problem:   CheckPoint firewall blocking dns traffic.
> 
>    It seems like bind generates queries on the same
> high port (source) to port 53 (destination). Every time
> I bounce bind, it starts its queries from a new high
> port (source) to port 53 (destination). This high port
> stays the same until the next bounce.
> 
>    When the firewall sees a delay of more than 40
> seconds, it blocks all replies back to this high port.
> When I bounce bind, the new high port will work since
> there is no block.
> 
>     I hope this is not too confusing. Please shed some
> light if you get the basic problem here.
> 

> AMS :-)
> 

