[Shorewall-users] Port 113 email issue
Sun, 6 Jan 2002 11:20:09 -0800
On Sunday 06 January 2002 11:04 am, Mike Petro wrote:
> Hi All,
> I am new to Shorewall, and iptables in general, so please excuse any
> lameness. I am running Redhat 7.2, Kernel 2.4.9-13, Shorewall v1.21, an=
> will provide config files available upon request. I am primarily using
> www.sygatetech.com to test the firewall.
> I have just installed Shorewall and have it more or less working
> properly, or at least securely, with the exception of a few unexplained
> I experienced a problem similar to Andy's where "dropping" AUTH/port-11=
> requests was slowing down my email delivery by as much as 30 seconds or
> so. As per the recommendation on this list I tried all of the following
> lines in my rules file:
> REJECT=09net =09fw=09tcp=09auth
> REJECT=09net =09fw=09tcp=09ident
> REJECT=09net =09fw=09tcp=09113
> When I do any of the above lines I get a change on port 80. Before
> adding these lines port 80 always showed up as being stealthed (dropped=
> but after adding either of these 2 lines port 80 becomes closed
> (rejected). I am not changing anything else other than the port
> 113/auth/ident line in the rules file. Why does changing port 113 also
> change port 80? How do I drop port 80 but reject port 113?
I suspect that it is a "feature' of sygatetech's scanning technique -- so=
of these services do things differently depending on what they get back f=
a port 113 scan/request.
What net->fw rules do you have in place?
Tom Eastep \ firstname.lastname@example.org
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ Firewalls for Linux 2.4