Security Forums

Firewall and Internet Access

wpsd.forum
Just Arrived


Joined: 19 Jul 2010
Posts: 0


PostPosted: Mon Jul 19, 2010 4:58 am    Post subject: Firewall and Internet Access

Hi, I'm testing a firewall (ISA 2006), but it produces strange results, or perhaps I don't understand the simple rule.

This is the network topology:

Code:
Firewall
    |
Switch--------DNS Server
    \________ Clients


I allowed an outbound rule with ports HTTP, HTTPS, and DNS from the client computers to Outside.

Guess what, it can't open a single web page.

So I created another rule allowing all outbound requests from the DNS Server to Outside; voila, the clients can open web pages.

To make it smaller, I changed the rule to allow only DNS from the DNS Server to Outside, and again the clients can't open a single web page.

From what I understand, when we request a page we don't need to connect to our own DNS, is that right?

*Notes: all the ports use the standard TCP/UDP port numbers.

Moderator note: edited to add code tags - capi
capi
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

PostPosted: Tue Jul 20, 2010 1:08 am    Post subject: Re: Firewall and Internet Access

wpsd.forum wrote:
From what I understand when we request a page we don't need to connect to our own DNS is that right ?

When you request a page you need to connect to a DNS resolver. The client OSes typically don't implement their own recursive resolving; instead, they rely on you specifying the IP of a DNS server configured to perform recursive queries.

Assuming a Windows OS, this is what you would specify in the network connection's TCP/IP properties, where it says "DNS servers" or something similar. On a GNU/Linux OS, you would configure this in the /etc/resolv.conf file (assuming your system uses the BIND resolver library, which is almost always the case).

You didn't specify if your DNS server is an authoritative one, a recursive one, or both. Also, you didn't specify which DNS resolver the clients were configured to use. I'll assume it's configured to perform recursive queries, and that the clients are using that server as their resolver, since that fits with your description of the problem.

Allowing the DNS server to connect to external IPs through the DNS port should be sufficient for it to work properly... exactly how did you specify the rule? Are you allowing connections from your DNS server to the outside, to port 53 via UDP and TCP? You need to allow both UDP and TCP.

Also, as a final note, if the clients are indeed using your DNS server as a resolver, then there is no need to allow the clients to connect to outbound DNS -- they will only need to connect to your internal DNS server.
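To make capi's point concrete, here is a small default-deny model of the three rule sets described in this thread. It is an added example, not the original poster's ISA configuration or any ISA Server tool: the zone names, the list of flows a page load needs, and the first-match evaluation are constructed assumptions. It shows why the first rule set breaks browsing (the resolver itself cannot reach outside port 53), why UDP-only DNS is still incomplete, and that the client-to-outside DNS rules are never used once the internal server is the resolver.

```python
"""Toy firewall-policy model for the ISA 2006 thread above.

Zones, flows and matching semantics are constructed for this example; this is
a plain default-deny evaluator, not ISA Server's real rule engine.
"""
from dataclasses import dataclass
from typing import List, Tuple, Union

ANY = "*"
Flow = Tuple[str, str, str, int]  # (src zone, dst zone, protocol, dst port)


@dataclass(frozen=True)
class Rule:
    """One outbound access rule: source zone -> destination zone, protocol, port."""
    src: str
    dst: str
    proto: str = ANY             # "tcp", "udp" or ANY
    port: Union[int, str] = ANY  # destination port number or ANY

    def matches(self, flow: Flow) -> bool:
        src, dst, proto, port = flow
        return (self.src == src and self.dst == dst
                and self.proto in (ANY, proto)
                and self.port in (ANY, port))


def allowed(rules: List[Rule], flow: Flow) -> bool:
    """Default deny: a flow passes only if at least one rule matches it."""
    return any(rule.matches(flow) for rule in rules)


# Flows that must cross the firewall for one client page load when the internal
# server is the clients' recursive resolver. The client -> DNS server query stays
# on the switch and never reaches the firewall, so it is deliberately absent.
# TCP/53 is listed because a resolver retries over TCP when a UDP answer is
# truncated (capi's "both UDP and TCP"). Constructed list.
WEB_FLOWS: List[Flow] = [
    ("dns_server", "outside", "udp", 53),
    ("dns_server", "outside", "tcp", 53),
    ("clients", "outside", "tcp", 80),
    ("clients", "outside", "tcp", 443),
]


def missing_flows(rules: List[Rule], flows: List[Flow] = WEB_FLOWS) -> List[Flow]:
    """Needed flows the rule set denies; an empty list means browsing should work."""
    return [f for f in flows if not allowed(rules, f)]


def unused_rules(rules: List[Rule], flows: List[Flow] = WEB_FLOWS) -> List[Rule]:
    """Rules that no needed flow ever hits, i.e. candidates for removal."""
    return [r for r in rules if not any(r.matches(f) for f in flows)]


# First attempt from the thread: HTTP, HTTPS and DNS from the clients only.
CLIENTS_ONLY = [
    Rule("clients", "outside", "tcp", 80),
    Rule("clients", "outside", "tcp", 443),
    Rule("clients", "outside", "tcp", 53),
    Rule("clients", "outside", "udp", 53),
]
# Second attempt: everything from the DNS server to the outside.
DNS_ANY = CLIENTS_ONLY + [Rule("dns_server", "outside")]
# Third attempt, tightened to DNS only, on both transports.
DNS_53 = CLIENTS_ONLY + [
    Rule("dns_server", "outside", "udp", 53),
    Rule("dns_server", "outside", "tcp", 53),
]
# The variant the reply warns about: UDP 53 only.
DNS_UDP_ONLY = CLIENTS_ONLY + [Rule("dns_server", "outside", "udp", 53)]

if __name__ == "__main__":
    for name, rules in [("clients only", CLIENTS_ONLY), ("dns any", DNS_ANY),
                        ("dns 53 tcp+udp", DNS_53), ("dns udp only", DNS_UDP_ONLY)]:
        gaps = missing_flows(rules)
        print(f"{name:15} -> {'works' if not gaps else 'broken, denied: ' + str(gaps)}")
    print("never used in the dns 53 set:", unused_rules(DNS_53))
```

Running it prints the denied flows for each rule set; the `unused_rules` result for the tightened set is the pair of client-to-outside port 53 rules, which is exactly the surplus capi points out in the last paragraph of the reply.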
wpsd.forum
Just Arrived


Joined: 19 Jul 2010
Posts: 0


PostPosted: Tue Jul 20, 2010 3:36 am    Post subject:

Thanks for the advice.

DNS server is an authoritative one, a recursive one, or both (where do I find these settings in Win Server 2003?)

But it works by just opening the DNS port, and what you say is correct:
Quote:
I'll assume it's configured to perform recursive queries, and that the clients are using that server as their resolver, since that fits with your description of the problem.
wpsd.forum
Just Arrived


Joined: 19 Jul 2010
Posts: 0


PostPosted: Tue Jul 20, 2010 3:44 am    Post subject:

Another problem, though: I find that (my guess is) the firewall drops a lot of web requests.

I have 16 client computers behind my firewall; when browsing, sometimes the server drops the request and I have to refresh 2 - 3 times before it appears.

The ports I open for browsing are HTTP, HTTPS (default ports).

I thought the problem should be in the TCP request limit (HTTP using TCP 80), so I set it to a bigger number of simultaneous requests, such as 1000/min/client.

It doesn't change much.

Does it have a connection with my DNS Server, such that it needs a lot of resources and TCP requests since it is used as a resolver by many client computers, but due to the low TCP request limit it keeps dropping the requests? Is it possible?

----------------------------------------------------------------------
Firewall -- Win Server 2003 with ISA Server 2006
Client -- Windows XP mostly
DNS -- Win Server 2003
All times are GMT + 2 Hours