port address translation

Robbie Parrant robbiep at zipmail.com.br
Sat Nov 27 20:46:06 UTC 1999

I got this from the admin at another site that can't see my site. When
one of their users tries to get to my site (mail, www, ftp), it's like
it is completely down. Their traceroutes to us go nowhere, and we see
no packets coming in from them. No one else has this problem getting to
my site. I run BIND 4 on Solaris. I run dns on 53 and smtp on 25.

What RFCs is this guy talking about? I looked through them, and nothing
seemed to apply.

> The problem is that we do PAT on our firewall and when you request a
> resolution to zzz.com it sends the request out with a src port of
> anywhere between 5000-65000. Standard DNS requests are normally src'ed
> port 25. It is apparent that zzz.com considers DNS requests src'ed with
> anything but port 25 a security risk. This is the same issue that we
> with apple.com, worldcom.com...at that time it was
> considered an issue with the vendors and if they chose not to comply with
> the RFCs that govern the PAT protocol it would be their choice.


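The mechanism the quoted admin describes, as an added example that is not part of the original post: a stateful PAT device rewrites the source port of every outbound UDP flow to a fresh port from a high range on its single public address, and keeps a table so replies can be mapped back. If the far end keys an accept rule on the original fixed source port, no translated query can ever match it. The simulation below models exactly that interaction. The public and server addresses, the 5000-65000 range (taken from the quote) and the port the filter expects are constructed inputs for the model; the expected port is a parameter, so the result does not depend on which value the remote rule actually keys on.

```python
"""Model of port address translation (PAT) colliding with a fixed-source-port filter.

Added example; not code from the original post. Addresses, port ranges and the
filter rule are constructed assumptions that model the quoted description.
"""
import random
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Pat:
    """Minimal stateful PAT: each outbound flow (inside ip/port, dst ip/port) is
    given one unused port on the single public address; replies to that port
    are mapped back through the same table, anything else has no state and is dropped."""

    def __init__(self, public_ip: str, low: int = 5000, high: int = 65000, seed: int = 0):
        self.public_ip = public_ip
        self.low, self.high = low, high
        self.rng = random.Random(seed)  # seeded so runs are reproducible
        self.outbound: Dict[Tuple[str, int, str, int], int] = {}
        self.inbound: Dict[int, Tuple[str, int]] = {}

    def _alloc(self) -> int:
        # Pick a public port in the configured range that is not already in use.
        while True:
            port = self.rng.randint(self.low, self.high)
            if port not in self.inbound:
                return port

    def translate_out(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:  # new flow: allocate a port and record both directions
            port = self._alloc()
            self.outbound[key] = port
            self.inbound[port] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt: Packet) -> Optional[Packet]:
        inside = self.inbound.get(pkt.dst_port)
        if inside is None:
            return None  # no matching state: the PAT device drops it
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


def fixed_src_port_filter(pkt: Packet, expected_src_port: int) -> bool:
    """The remote rule as described in the quote (assumed shape): accept a DNS
    query on port 53 only if its source port is the one fixed value."""
    return pkt.dst_port == 53 and pkt.src_port == expected_src_port


def simulate(n_queries: int, expected_src_port: int, query_src_port: int,
             use_pat: bool = True) -> Tuple[int, int]:
    """Send n DNS queries from inside hosts toward a constructed DNS server,
    optionally through PAT, and count how many the remote filter accepts/drops."""
    pat = Pat("203.0.113.1")          # constructed public address (RFC 5737 range)
    server = "198.51.100.53"          # constructed remote DNS server address
    accepted = dropped = 0
    for i in range(n_queries):
        inside = Packet(f"10.0.0.{i + 1}", query_src_port, server, 53)
        on_wire = pat.translate_out(inside) if use_pat else inside
        if fixed_src_port_filter(on_wire, expected_src_port):
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


if __name__ == "__main__":
    # Same resolver behaviour, with and without PAT in the path.
    print("through PAT   :", simulate(100, expected_src_port=53, query_src_port=53))
    print("no PAT        :", simulate(100, expected_src_port=53, query_src_port=53, use_pat=False))
```

With PAT in the path every query leaves with a source port in the 5000-65000 range, so a rule that insists on one fixed source port drops all of them, which matches the "completely down, nothing arrives" symptom in the post; the same queries pass when the translator is removed. The `translate_in` method shows why the translator itself is not the problem for ordinary traffic: replies to an allocated port are mapped back to the inside host, and only unsolicited packets are dropped.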