[Shorewall-users] Port 113 email issue

Mike Petro mike@kites.org
Sun, 6 Jan 2002 14:04:52 -0500


Hi All,

I am new to Shorewall, and iptables in general, so please excuse any
lameness. I am running Redhat 7.2, Kernel 2.4.9-13, Shorewall v1.21, and
will provide config files available upon request. I am primarily using
www.sygatetech.com to test the firewall.

I have just installed Shorewall and have it more or less working
properly, or at least securely, with the exception of a few unexplained
inconsistencies. 

I experienced a problem similar to Andy's where "dropping" AUTH/port-113
requests was slowing down my email delivery by as much as 30 seconds or
so. As per the recommendation on this list I tried all of the following
lines in my rules file:
ACCEPT	net	fw	tcp	auth
REJECT	net  	fw	tcp	auth
ACCEPT	net	fw	tcp	ident
REJECT	net  	fw	tcp	ident
ACCEPT	net	fw	tcp	113
REJECT	net  	fw	tcp	113
When I do any of the above lines I get a change on port 80. Before
adding these lines port 80 always showed up as being stealthed (dropped)
but after adding either of these 2 lines port 80 becomes closed
(rejected). I am not changing anything else other than the port
113/auth/ident line in the  rules file. Why does changing port 113 also
change port 80? How do I drop port 80 but reject port 113?

I am also wondering if anyone is aware of a good log parser that can
handle the Shorewall entries in the messages log, preferably something
with reverse DNS lookup and a color enhanced HTML output.

Thanks,

Mike
mike@kites.org 

If I claim to be a wise man..... 
It surely means that I don't know........