Dave Mischler asks:
>>Should I allow "random" client ports through? What are the security
In article <9303140222 . COM> mjr @ COM (Marcus J Ranum) writes:
> One implication is that anyone with a tunnelling driver can
> run IP tunnelled through your firewall using NS packets as the
> Yes, I have code that does this. ;)
You need to allow access to port 53 on your DNS server from ANYWHERE
unless you want to preclude many normal maintenance and troubleshooting
activities. (NSLOOKUP for example).
And no, you probably should not allow access to port 53 of other
machines inside to cross the firewall. The above is a good example why.
/ Lars Poulsen, SMTS Software Engineer Internet E-mail: lars @
CMC Network Products / Rockwell Int'l Telephone: +1-805-968-4262
Santa Barbara, CA 93117-3083 TeleFAX: +1-805-968-8256
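
The policy in the reply above (port 53 open to the DNS server, closed to every other inside machine) can be checked mechanically against a filter list. The following is an added example, not part of the original post: the rule format, the addresses and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample policy (assumption, not from the post): the inside
# network, the one designated DNS server, and inbound permit rules written
# in a made-up format "proto dst_cidr port_lo-port_hi".
INSIDE_NET = ipaddress.ip_network("192.0.2.0/24")
DNS_SERVER = ipaddress.ip_address("192.0.2.53")
SAMPLE_RULES = [
    "udp 192.0.2.53/32 53-53",      # DNS server only: what the reply recommends
    "tcp 192.0.2.53/32 53-53",      # TCP queries to the same server
    "udp 192.0.2.0/24 53-53",       # port 53 to every inside host
    "udp 192.0.2.0/24 1024-65535",  # "random" high ports, does not cover 53
    "tcp 192.0.2.10/32 1-1023",     # wide range that silently includes 53
    "tcp 198.51.100.7/32 53-53",    # not an inside address, out of scope
]

def parse_rule(line):
    """Split one constructed rule line into (proto, network, lo, hi)."""
    proto, cidr, ports = line.split()
    lo, hi = (int(p) for p in ports.split("-"))
    return proto, ipaddress.ip_network(cidr), lo, hi

def exposes_other_hosts(rule, inside=INSIDE_NET, dns=DNS_SERVER):
    """True if an inbound permit rule lets port 53 reach an inside host
    other than the designated DNS server."""
    proto, dst, lo, hi = parse_rule(rule)
    if proto not in ("udp", "tcp") or not (lo <= 53 <= hi):
        return False
    if not dst.overlaps(inside):
        return False
    # The only acceptable inside destination is exactly the DNS server's /32.
    return not (dst.num_addresses == 1 and dst.network_address == dns)

def audit(rules):
    """Return the rules that violate the 'port 53 to the DNS server only' policy."""
    return [r for r in rules if exposes_other_hosts(r)]

if __name__ == "__main__":
    for r in audit(SAMPLE_RULES):
        print("port 53 reaches a non-DNS inside host:", r)
```

The wide-range rule is the case worth noticing: it never names port 53, yet it opens the same path across the firewall that the reply advises closing.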