itguy411

Firewalling 101: I need to pass DNS, DHCP, PXE, ICMP and Ghost but nothing else

I have VLANs and am using access lists.

We have a VLAN 500 that has DNS, DHCP, PXE, ICMP and Ghost. We have VLAN 200 that is going to be exposed to nasty things like viruses perhaps. We need to get access to DNS, DHCP, PXE, ICMP and Ghost on VLAN 200 but do not want stuff like viruses & attacks to get to VLAN 500.

As a test I enabled all into VLAN 200 and enabled DNS & ICMP into 500. I cannot ping from 200 to 500.

What are the bare minimum ports I need to communicate from DNS, DHCP, PXE, ICMP and Ghost?

Thank you all

D  
ASKER CERTIFIED SOLUTION
poweruser32

itguy411

ASKER

It works until I put in the access list. When I remove it, it starts again.

Confused am I,

Yoda  
Try opening port 53 anyway for DNS and see.

I was pinging by IP.

Now really confused am I.

Yoda

What port is ICMP? Ping is ICMP?
It is UDP, right?