I've spent the last 24 hours or so trying to work out why a vast portion of the internet couldn't get mail through to me since I installed an Astaro box in front of the last corner of my network (I'm now totally ASL protected [:)])
To cut a long story short, I finally realised that the cause was actually the filter rule permitting Any to Name Servers for DNS ... where DNS is statically configured to be
TCP/UDP 1024:65535 53
Since the introduction of BIND 8, BIND now defaults to a source port of 53 (or at least can be configured as such)....
Hence, the ASL box was catching any DNS requests from port 53 as they were outside the 1024:65535 bracket ....
I've created a new service called BIND TCP/UDP 0:65535 53 ... and mail is once again flowing.
Think this might be worth fixing in an update rsn [:)]
Cheers guys ... fantastic product nevertheless [:)]
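
The mismatch described in the post, as an added example that is not part of the original post and not Astaro code: a small matcher that parses the two service definitions quoted above and lists which packets each one fails to cover. The function names, the constructed sample packets, and the assumption that a packet matching no service is dropped are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    protocols: frozenset
    src_ports: range
    dst_ports: range

def _ports(spec):
    """'1024:65535' -> range(1024, 65536); '53' -> range(53, 54)."""
    lo, _, hi = spec.partition(":")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {spec}")
    return range(lo, hi + 1)

def parse_service(definition):
    """Parse 'PROTO[/PROTO] SRC DST', the form used in the post."""
    protos, src, dst = definition.split()
    return Service(frozenset(p.lower() for p in protos.split("/")),
                   _ports(src), _ports(dst))

def matches(svc, proto, sport, dport):
    """True when protocol, source port and destination port all fit the service."""
    return (proto.lower() in svc.protocols
            and sport in svc.src_ports and dport in svc.dst_ports)

def unmatched(svc, packets):
    """Packets the service does not cover (assumed dropped by default deny)."""
    return [p for p in packets if not matches(svc, *p)]

# Constructed sample traffic toward the name servers:
# (protocol, source port, destination port)
PACKETS = [
    ("udp", 33012, 53),  # resolver using an ephemeral source port
    ("udp", 53, 53),     # server-to-server query sent from source port 53
    ("tcp", 53, 53),     # the same over TCP
    ("udp", 1023, 53),   # any other source port below 1024
]

ORIGINAL = parse_service("TCP/UDP 1024:65535 53")  # the static DNS service
WIDENED = parse_service("TCP/UDP 0:65535 53")      # the new BIND service

if __name__ == "__main__":
    for name, svc in (("original", ORIGINAL), ("widened", WIDENED)):
        print(f"{name} service leaves unmatched: {unmatched(svc, PACKETS)}")
```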