[Shorewall-users] Port 113 email issue
Sun, 6 Jan 2002 14:04:52 -0500
I am new to Shorewall, and iptables in general, so please excuse any
lameness. I am running Red Hat 7.2, Kernel 2.4.9-13, Shorewall v1.21, and
will provide config files upon request. I am primarily using
www.sygatetech.com to test the firewall.

I have just installed Shorewall and have it more or less working
properly, or at least securely, with the exception of a few unexplained
I experienced a problem similar to Andy's where "dropping" AUTH/port-113
requests was slowing down my email delivery by as much as 30 seconds or
so. As per the recommendation on this list I tried all of the following
lines in my rules file:

    ACCEPT net fw tcp auth
    REJECT net fw tcp auth
    ACCEPT net fw tcp ident
    REJECT net fw tcp ident
    ACCEPT net fw tcp 113
    REJECT net fw tcp 113

When I do any of the above lines I get a change on port 80. Before
adding these lines port 80 always showed up as being stealthed (dropped)
but after adding either of these 2 lines port 80 becomes closed
(rejected). I am not changing anything else other than the port
113/auth/ident line in the rules file. Why does changing port 113 also
change port 80? How do I drop port 80 but reject port 113?

I am also wondering if anyone is aware of a good log parser that can
handle the Shorewall entries in the messages log, preferably something
with reverse DNS lookup and a color-enhanced HTML output.

If I claim to be a wise man.....
It surely means that I don't know........