Need suggestion about firewall and BIND 8.3.3
phn at icke-reklam.ipsec.nu
Mon Jul 15 16:14:58 UTC 2002
Michael AIG <mike_aig at hotmail.com> wrote:
> Hello,
> I want to protect both my primary and secondary DNS server with a packet
> filtering software. Any suggestion which ports should I open on both my
> primary and secondary DNS server? I also want to enable SSH and FTP on both
> servers.
> Thank you in advance!
DNS needs:
incoming 53 UDP and TCP,
outgoing any with "keep-state"
ssh needs incoming 22/TCP,
outgoing any keep state
ftp is difficult; if you allow passive ftp then you'll have to allow
a large number of ports (those that ftpd hands out) + 21 TCP.
If you settle for non-passive ftp you may get around with 20 and 21 TCP
for incoming and > 1023 TCP "keep-state" for outbound.
> Regards,
> Mike
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
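
The port list from the reply above, written out as a rule set. This is an added example, not part of the original message; it assumes FreeBSD ipfw syntax (suggested by the "keep-state" keyword), and the function names and rule numbers are illustrative.

```shell
#!/bin/sh
# Added example: prints an ipfw rule set for review; it loads nothing itself.
# Assumptions: FreeBSD ipfw syntax; rule numbers and function names are
# illustrative, not from the original message.

n=0
rule() {                      # print one numbered ipfw command
    n=$((n + 100))
    echo "ipfw add $n $*"
}

# emit_rules [active|none]: "active" adds the non-passive FTP ports.
emit_rules() {
    n=0
    rule allow ip from any to any via lo0      # local loopback traffic
    rule check-state                           # match replies to kept state

    # DNS: queries over UDP, zone transfers and large answers over TCP
    rule allow udp from any to me 53 keep-state
    rule allow tcp from any to me 53 setup keep-state

    # SSH
    rule allow tcp from any to me 22 setup keep-state

    # Non-passive FTP, ports as listed in the message above
    if [ "${1:-active}" = "active" ]; then
        rule allow tcp from any to me 20,21 setup keep-state
    fi

    # Outgoing: anything the server starts itself, replies allowed by state.
    # This also covers the > 1023 TCP outbound case for FTP data.
    rule allow tcp from me to any setup keep-state
    rule allow udp from me to any keep-state

    rule deny ip from any to any               # everything else
}

emit_rules "${1:-active}"
```

Load the printed rules from the console rather than over SSH: rule 500 only admits new connections (`setup`), so an already open session has no state entry and is cut by the final deny.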