"Brian Chabot" <[EMAIL PROTECTED]> writes: > Of course xinetd is making connections on 110.
Sorry. Of course I meant 113. > The interesting thing I found is this: > ================ > # lsof -r -i tcp:113 > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME > xinetd 8017 root 0u IPv4 1639491 TCP > myhostname:40587->outside.fqdn.net:auth (SYN_SENT) > ==================== [snip] > Now the only possible setting I know of that might do this is (from > /etc/xinetd.d/ipop3): > log_on_success += USERID > Could this be it? If so, how can I continue to log the userid without > the auth request? Are your PAM settings doing this? What does /etc/pam.d/pop and /etc/pam.d/system-auth look like? > > I'm betting that it is your x?inetd process. > > > Good guess. Now to find out why it works on the LAN connection and > not over the WAN port..... Do you have a (possibly stateless) firewall on the WAN side that filters out TCP SYNs from "non-standard" ports like TCP port 113? Does your iptables setup on the POP3 server drop the incoming SYN/ACK segments that result from the initial TCP SYN? What happens when you temporaryly disable these? Regards, --kevin -- "They can bill me!" - Ripley _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss