NTL DNS Servers


willshcj
15-01-2005, 12:12
Hi,

I have a problem with the NTL servers cache1.ntli.net and cache2.ntli.net and my firewall.

I have a home lan that is on a 192.168 network with one of the PCs on that network connected to NTL Broadband. The two PCs involved in this problem are the one connected to broadband, which is running XP service pack 2, and a server PC on my lan running Win2000 Server. The firewall is ZoneAlarm Pro (latest version). The Win2K server accesses the internet using ICS through the XP machine.

The problem is in using any web browser from the W2K server. The DNS lookup doesn't work, it just times out. Any web browser on the XP machine works ok.

When I look at ZAP logs they show that a UDP packet from cache1.ntli.net port 53 to my port 63353 was blocked 4 or 5 times. Similarly at the same time a series of requests from cache2.ntli.net were also blocked.

If I allow both of the ntli.net hosts to have udp access, then the browser on the W2K server works fine.

My question is what are these ntli.net machines doing? I can guess that they are DNS servers, but why do they want access to port 63353, and only when the W2K machine is used?

Is there some other setup that I'm missing so that I don't have to open the firewall up?

TIA

Cliff

Paul
15-01-2005, 12:16
Obviously you don't know how dns works. :)

The client (you) sends the dns request as a udp packet from a random port (like 63353) on your machine to port 53 on the dns server - this then sends the reply back to you as another udp packet from its port 53, back to the previously picked port (63353) on your machine.

If you are blocking these replies (as you appear to be) then your dns lookups will simply fail.
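The query/reply pairing Paul describes is exactly what a stateful firewall tracks: an inbound UDP packet from port 53 is only legitimate if it answers a query this host sent moments ago, to that server, from that source port, with that transaction ID. The following is an added example (not code from the thread or from ZoneAlarm) of such a matcher, replayed against the poster's scenario; the server addresses 192.0.2.1 and 192.0.2.2 are constructed placeholders, not NTL's real resolvers.

```python
import struct
import time

DNS_PORT = 53

def build_query(txid, name):
    """Build a minimal DNS A query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

class DnsStateTable:
    """Remember outstanding queries by (server, client port, txid) for a short time."""
    def __init__(self, timeout=5.0):
        self.timeout = timeout
        self.pending = {}

    def record_query(self, server_ip, src_port, payload, now=None):
        now = time.time() if now is None else now
        txid = struct.unpack("!H", payload[:2])[0]
        self.pending[(server_ip, src_port, txid)] = now
        return txid

    def allow_reply(self, src_ip, src_port, dst_port, payload, now=None):
        """Admit an inbound UDP packet only if it answers a query we sent."""
        now = time.time() if now is None else now
        if src_port != DNS_PORT or len(payload) < 12:
            return False
        txid, flags = struct.unpack("!HH", payload[:4])
        if not flags & 0x8000:  # QR bit must be set on a response
            return False
        key = (src_ip, dst_port, txid)
        sent = self.pending.get(key)
        if sent is None or now - sent > self.timeout:
            return False
        del self.pending[key]  # one reply per query; a replay is not admitted
        return True

def demo():
    """Replay the thread's scenario: client port 63353, replies from port 53."""
    table = DnsStateTable()
    cache1, cache2 = "192.0.2.1", "192.0.2.2"  # constructed placeholder addresses
    q = build_query(0x1234, "example.com")
    table.record_query(cache1, 63353, q, now=100.0)
    reply = struct.pack("!HH", 0x1234, 0x8180) + q[4:]  # same txid, QR bit set
    return {
        "matching_reply": table.allow_reply(cache1, 53, 63353, reply, now=100.2),
        "replayed_reply": table.allow_reply(cache1, 53, 63353, reply, now=100.3),
        "unsolicited": table.allow_reply(cache2, 53, 63353, reply, now=100.2),
    }
```

Running `demo()` admits only the first reply from the server that was actually queried; the replay and the unsolicited packet from the other server are dropped, which is the distinction a correctly configured firewall makes instead of blocking every inbound packet from port 53.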

rdhw
15-01-2005, 19:43
willshcj, have you reconfigured ZAP to tell it that it is running on an ICS machine?

If that does not fix it, then you should configure some rules into ZAP to always allow traffic in from the DNS servers. It is an error for ZAP to be blocking DNS replies.