Tom Eastep
Sun, 6 Jan 2002

On Sunday 06 January 2002 11:04 am, Mike Petro wrote:
> Hi All,
> I am new to Shorewall, and iptables in general, so please excuse any
> lameness. I am running Redhat 7.2, Kernel 2.4.9-13, Shorewall v1.21, and
> will provide config files available upon request. I am primarily using
> www.sygatetech.com to test the firewall.
> I have just installed Shorewall and have it more or less working
> properly, or at least securely, with the exception of a few unexplained
> inconsistencies.
> I experienced a problem similar to Andy's where "dropping" AUTH/port-113
> requests was slowing down my email delivery by as much as 30 seconds or
> so. As per the recommendation on this list I tried all of the following
> lines in my rules file:
> ACCEPT   net   fw   tcp   auth
> REJECT   net   fw   tcp   auth
> ACCEPT   net   fw   tcp   ident
> REJECT   net   fw   tcp   ident
> ACCEPT   net   fw   tcp   113
> REJECT   net   fw   tcp   113
> When I do any of the above lines I get a change on port 80. Before
> adding these lines port 80 always showed up as being stealthed (dropped)
> but after adding either of these 2 lines port 80 becomes closed
> (rejected). I am not changing anything else other than the port
> 113/auth/ident line in the rules file. Why does changing port 113 also
> change port 80? How do I drop port 80 but reject port 113?

I suspect that it is a "feature" of sygatetech's scanning technique -- some
of these services do things differently depending on what they get back from
a port 113 scan/request.

What net->fw rules do you have in place?
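As an added illustration (not part of Tom's reply or of the original thread), here is a Shorewall rules-file fragment that states the intended behaviour for both ports explicitly instead of leaving port 80 to the net->fw policy. The columns follow the same ACTION SOURCE DEST PROTO PORT layout as the lines quoted above, and the zone names net and fw are taken from them; the file path is assumed to be the standard Shorewall rules file.

```text
# Shorewall rules file (added example; zone names net and fw as in the quoted lines)
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
REJECT    net      fw     tcp     113
DROP      net      fw     tcp     80
```

Shorewall applies entries in the rules file before the net->fw policy, so with these two lines port 113 is rejected (reported as closed) and port 80 is dropped (reported as stealthed) whatever the policy says. Checking the resulting behaviour from a host outside the firewall, rather than only through a web-based scanner, separates what the firewall actually does from how a particular scanner interprets the replies it gets.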

