From: Mike P. <mi...@ki...> - 2002-01-06 19:06:29
Hi All,

I am new to Shorewall, and iptables in general, so please excuse any lameness. I am running Redhat 7.2, Kernel 2.4.9-13, Shorewall v1.21, and will provide config files upon request. I am primarily using www.sygatetech.com to test the firewall.

I have just installed Shorewall and have it more or less working properly, or at least securely, with the exception of a few unexplained inconsistencies.

I experienced a problem similar to Andy's where "dropping" AUTH/port-113 requests was slowing down my email delivery by as much as 30 seconds or so. As per the recommendation on this list I tried all of the following lines in my rules file:

    ACCEPT net fw tcp auth
    REJECT net fw tcp auth
    ACCEPT net fw tcp ident
    REJECT net fw tcp ident
    ACCEPT net fw tcp 113
    REJECT net fw tcp 113

When I do any of the above lines I get a change on port 80. Before adding these lines port 80 always showed up as being stealthed (dropped) but after adding either of these 2 lines port 80 becomes closed (rejected). I am not changing anything else other than the port 113/auth/ident line in the rules file.

Why does changing port 113 also change port 80? How do I drop port 80 but reject port 113?

I am also wondering if anyone is aware of a good log parser that can handle the Shorewall entries in the messages log, preferably something with reverse DNS lookup and a color-enhanced HTML output.

Thanks,
Mike
mi...@ki...

If I claim to be a wise man.....
It surely means that I don't know........