That is exactly why it is not working because you have filtering enabled on
UDP and it is blocking return traffic to your computer from your ISP DNS
server. The only time you would want to enable UDP filtering for port 53
would be if you were running a DNS server. Here is a brief example why it is
not working. Your computer sends a DNS request to your ISP DNS server and
the destination port would be UDP 53 and the source port would be a randomly
assigned port above 1024 on your computer and we will say it is 1055. The
DNS server receives your request and notes that the request came from your
IP address and port 1055 on your computer. The DNS server replies with the
name resolution request and sends it to your IP address port 1055 UDP. When
it reaches your network adapter it is dropped because your network adapter
only allows traffic to port 53 UDP on your computer. Now TCP traffic is
stateful and tcp/ip filtering will allow response traffic [established
session] to your computer that was initiated by your computer but UDP is
not. Unfortunately since there is no way to predict what random port a
computer is going to use you would have to manually populate the UDP allowed
list with up to thousands of IP addresses since you can not specify a range.
Luckily with XP you have the built in Windows Firewall that you can use
which is stateful for UDP traffic. --- Steve
Thanks for reply.
Yes, I mean the TCP/IP filterimg of the network adapter. I set up the
TCP/IP filter propertities to only permits TCP port 80 and port 53 and
UDP ports 80 and port 53.
After reboot the machine, I can only access the Internet by IP number
but not by name.
Just wonder what the problem here?
Thanks,
Thanks for reply, Steven.
Very clear.
Now the question is : How to block a specific IP? (I mean block a
specific IP's UDP and TCP packets)
Thanks,
That is exactly why it is not working because you have filtering
enabled on UDP and it is blocking return traffic to your computer
from your ISP DNS server. The only time you would want to enable UDP
filtering for port 53 would be if you were running a DNS server.
Here is a brief example why it is not working. Your computer sends a
DNS request to your ISP DNS server and the destination port would be
UDP 53 and the source port would be a randomly assigned port above
1024 on your computer and we will say it is 1055. The DNS server
receives your request and notes that the request came from your IP
address and port 1055 on your computer. The DNS server replies with
the name resolution request and sends it to your IP address port
1055 UDP. When it reaches your network adapter it is dropped because
your network adapter only allows traffic to port 53 UDP on your
computer. Now TCP traffic is stateful and tcp/ip filtering will
allow response traffic [established session] to your computer that
was initiated by your computer but UDP is not. Unfortunately since
there is no way to predict what random port a computer is going to
use you would have to manually populate the UDP allowed list with up
to thousands of IP addresses since you can not specify a range.
Luckily with XP you have the built in Windows Firewall that you can
use which is stateful for UDP traffic. --- Steve
Thanks for reply.
Yes, I mean the TCP/IP filterimg of the network adapter. I set up
the TCP/IP filter propertities to only permits TCP port 80 and port
53 and UDP ports 80 and port 53.
After reboot the machine, I can only access the Internet by IP
number but not by name.
Just wonder what the problem here?
Thanks,
Steven L Umbach wrote:
What do you mean by tcp/ip filter? Also keep in mind that a client
computer
uses port 53 UDP/TCP outbound with a random above number 1024 as
the source
port for DNS name resolution traffic. Only DNS servers will use
port 53 TCP/UDP as the source port. If you mean tcp/ip filtering
that you configure
in the properties of the network adapter that will only filter
inbound traffic and a DNS client would be receiving responses from
the DNS server on
the DNS client's source port. --- Steve
I have permit both TCP and UDP port 53 in the TCP/IP Filter. But
it is still blocked the DSN lookup.
Just wonder how to fix this? Thanks for advices!
Thanks for reply, Steven.
Very clear.
Now the question is : How to block a specific IP? (I mean block a
specific IP's UDP and TCP packets)
Thanks,
That is exactly why it is not working because you have filtering enabled
on
UDP and it is blocking return traffic to your computer from your ISP DNS
server. The only time you would want to enable UDP filtering for port 53
would be if you were running a DNS server. Here is a brief example why it
is
not working. Your computer sends a DNS request to your ISP DNS server and
the destination port would be UDP 53 and the source port would be a
randomly
assigned port above 1024 on your computer and we will say it is 1055. The
DNS server receives your request and notes that the request came from
your
IP address and port 1055 on your computer. The DNS server replies with
the
name resolution request and sends it to your IP address port 1055 UDP.
When
it reaches your network adapter it is dropped because your network
adapter
only allows traffic to port 53 UDP on your computer. Now TCP traffic is
stateful and tcp/ip filtering will allow response traffic [established
session] to your computer that was initiated by your computer but UDP is
not. Unfortunately since there is no way to predict what random port a
computer is going to use you would have to manually populate the UDP
allowed
list with up to thousands of IP addresses since you can not specify a
range.
Luckily with XP you have the built in Windows Firewall that you can use
which is stateful for UDP traffic. --- Steve
Thanks for reply.
Yes, I mean the TCP/IP filterimg of the network adapter. I set up the
TCP/IP filter propertities to only permits TCP port 80 and port 53 and
UDP ports 80 and port 53.
After reboot the machine, I can only access the Internet by IP number
but not by name.
Just wonder what the problem here?
Thanks,
Steven L Umbach wrote:
What do you mean by tcp/ip filter? Also keep in mind that a client
computer
uses port 53 UDP/TCP outbound with a random above number 1024 as the
source
port for DNS name resolution traffic. Only DNS servers will use port
53
TCP/UDP as the source port. If you mean tcp/ip filtering that you
configure
in the properties of the network adapter that will only filter inbound
traffic and a DNS client would be receiving responses from the DNS
server
on
the DNS client's source port. --- Steve
I have permit both TCP and UDP port 53 in the TCP/IP Filter. But it
is
still blocked the DSN lookup.
Just wonder how to fix this? Thanks for advices!
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.