IP security -- filtering TCP/UDP ports
Posted on 1998-03-28
I'm the admin of a small NT network. There are some machines on which I need to block access to certain ports (including Quake 27500 and maybe WWW 80).
So what I did was this: in the TCP/IP protocol tab, under "Advanced", I clicked on "Enable Security" and configured it to allow certain port numbers (which I deemed necessary).
Now, the problem is that I need DNS to work. It worked before I started mucking with the TCP security. Anyway, according to RFC 1700, I included port 53 in the list of "allowed" ports in both TCP and UDP. After rebooting, the stupid system refuses to resolve domain names properly.
Some other pointers that might help in the diagnosis: I did enable port 23 and port 7, so telnet (from the test machine to my Linux box) and ping (both to and from the test machine) do work. My DNS servers are big Unix monsters "upstream" from my domain, and DNS works again if I disable the security and reboot.
Can you tell me why DNS won't work on NT with TCP security enabled but with TCP/UDP port 53 "allowed"? Has MS implemented some funky way of resolving domain names that circumvents the open standard? Most importantly, *how* do I go about getting this to WORK?
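The UDP side of this symptom is a classic stateless-filter failure mode: the resolver sends its query from a random high ("ephemeral") source port to the server's port 53, so the answer comes back addressed to that high port, and an inbound filter that permits only local destination port 53 drops it even though 53 is "allowed". The Python simulation below is an added illustration, not code or traffic from the original post; the addresses and the ephemeral port are constructed, and it contrasts that stateless filter with a stateful one that remembers the outgoing query.

```python
from __future__ import annotations
from dataclasses import dataclass
@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed addresses for the simulation, not taken from the original post.
CLIENT = "192.0.2.10"        # the NT workstation being filtered
RESOLVER = "198.51.100.53"   # an upstream DNS server

def dns_exchange(ephemeral_port: int) -> tuple[Datagram, Datagram]:
    """A normal UDP lookup: the client queries from a random high port to the
    server's port 53, and the server answers back to that same high port."""
    query = Datagram(CLIENT, ephemeral_port, RESOLVER, 53)
    reply = Datagram(RESOLVER, 53, CLIENT, ephemeral_port)
    return query, reply

def stateless_permit(inbound: Datagram, allowed_udp_ports: set[int]) -> bool:
    """'Permit only' on the local destination port; outbound traffic is never
    inspected, so the filter cannot tell a solicited reply from anything else."""
    return inbound.dst_port in allowed_udp_ports

class StatefulFilter:
    """Same allow-list, but an outbound datagram opens a return path, so the
    reply to the ephemeral port passes while unsolicited datagrams do not."""
    def __init__(self, allowed_udp_ports: set[int]) -> None:
        self.allowed = set(allowed_udp_ports)
        self.flows: set[tuple[str, int, int]] = set()  # (peer ip, peer port, local port)

    def outbound(self, pkt: Datagram) -> None:
        self.flows.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))

    def inbound(self, pkt: Datagram) -> bool:
        return pkt.dst_port in self.allowed or (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.flows

def lookup_with_stateless_filter(allowed: set[int], ephemeral_port: int = 1345) -> bool:
    """True if the DNS reply gets back to the resolver through the stateless filter."""
    _query, reply = dns_exchange(ephemeral_port)
    return stateless_permit(reply, allowed)

def lookup_with_stateful_filter(allowed: set[int], ephemeral_port: int = 1345) -> bool:
    """Same lookup behind a filter that remembers the outgoing query."""
    query, reply = dns_exchange(ephemeral_port)
    fw = StatefulFilter(allowed)
    fw.outbound(query)
    return fw.inbound(reply)
```

Opening the whole ephemeral range to the stateless filter also makes the lookup succeed, but it gives back most of what the filter was meant to block; only the stateful variant admits the reply without doing that.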