Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS Inquiry

Status
Not open for further replies.
rtiv

rtiv

IS-IT--Management
Mar 12, 2002
142
US
My external W2K DNS server sits in a DMZ. Can someone tell me what other ports aside from TCP/UDP 53 (DNS) need to be opened up on my PIX firewall going from my DMZ to the internal network?

Thanks
 
Sort by date Sort by votes
HI.

You don't need to open any specific port for traffic from DMZ to internal network.
You only need to define "nat" and "global" commands for translation. The same "nat 1" command used for inside to outside traffic can be used, so all you need is a
global (dmz) 1 ...

No ACL is needed because of the pix default behaviour that allows traffic from inside to dmz and the return traffic by statefull inspection.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mackland1903
  • Locked
  • Question
Populate oblect group from DNS
Replies
1
Views
244
burtsbees
burtsbees
EdwardMcClelland
  • Locked
  • Question
Google DNS works with Sonic-wall installed. Cox doesn't.
Replies
1
Views
316
ChrisHirst
ChrisHirst
RodneyMcSnow
  • Locked
  • Question
TZ400 -how to prevent dns attacks
Replies
2
Views
262
RodneyMcSnow
RodneyMcSnow
AndrewTait
  • Locked
  • Question
DNS issue with Firebox Edge X5
Replies
1
Views
147
hairlessupportmonkey
hairlessupportmonkey
pbxnkey
  • Locked
  • Question
Redirect DNS traffic from the inside to the outside
Replies
2
Views
209
pbxnkey
pbxnkey

Part and Inventory Search

Sponsor

Back
Top