Re: woody firewall broken?
> > Maybe, I'm not sure, some remote MTAs, for example smtp.navegalia.com, use
> > UDP connections. You can try "telnet smtp.navegalia.com 25" behind a
> > firewall which filters the UDP connection.
>
> Eh?
> $ telnet smtp.navegalia.com 25
> Trying 212.73.32.155...
> Connected to smtp.airtel.net.
> Escape character is '^]'.
> 220 ESMTP service
>
> It answers TCP, I know of no MTA (or MUA) that uses UDP...
Well, I have removed the iptables rule allowing the UDP/25 packets and it
works OK. It seems you are right again.
> If you're having firewall problems then most likely:
> *) TCP port 25 is not allowed
> *) TCP port 113 (AUTH) is not allowed (it should be REJECTED, a
> DROP will result in some remote MTA timeouts as they try to
> issue AUTH requests)
I have added the iptables filter:
iptables -A FORWARD -p tcp -d 194.224.7.3 --dport 112 -j REJECT