. wrote:
refused, what service that I must set to make port 113 run ?

If you get an *immediate* connection refused, then that's not your problem, because that's what you'll also get when IPF is not running (you can try this to verify). Usually the identd service runs on port 113, which is started out of the inetd superdaemon. But as I said, if you're getting an immediate connection refused, then this isn't your problem because the SMTP server would get the same thing and then go on.

See, the USUAL problem with slow SMTP is that the process is:

1. Firewalled machine makes SMTP request
2. SMTP server hits IDENTD port, but packet gets dropped
3. SMTP server has to wait for TCP timeout
4. SMTP server carries on

With no firewall it's:

1. Machine makes SMTP request
2. SMTP server hits IDENTD port, connection is refused (actually "reset") because nothing is listening on that port
3. SMTP server carries on

So, to get around the problem we make the firewall pretend like it's not there by sending a Reset (RST) on port 113. This tells the SMTP server nothing is listening on that port, and it carries on with the rest of the process.

However, if you are already doing that, then that is not your problem.

So let's look at your rules again... hold on...

OH!!! You're firewalling the SMTP server!!! Add a rule like

pass out quick on eri0 proto tcp from any to any port = 113 flags S keep state keep frags

You want to go OUT on the identd port...

Try that and see how it goes.

--
Phil Dibowitz                             [EMAIL PROTECTED]
Freeware and Technical Pages              Insanity Palace of Metallica
http://www.phildev.net/                   http://www.ipom.com/

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 - Benjamin Franklin, 1759
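
An added example, not part of the original message: a small Python probe that tells apart the outcomes described above by timing one TCP connect to the ident port. An immediate "refused" is the RST fast path, and "dropped" is the silent discard that forces the TCP timeout. The names probe_tcp and explain are hypothetical, and the script is meant to be run from the SMTP server toward a connecting client.

```python
import errno
import socket
import sys
import time

IDENT_PORT = 113  # identd port named in the message


def probe_tcp(host, port=IDENT_PORT, timeout=5.0):
    """Try one TCP connect and return (verdict, seconds_elapsed).

    'open'    - something accepted the connection (identd is running)
    'refused' - an RST came back, so the caller carries on at once
    'dropped' - nothing came back before the timeout (packet discarded)
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:
        verdict = "refused"
    except (socket.timeout, TimeoutError):
        verdict = "dropped"
    except OSError as exc:
        # e.g. EHOSTUNREACH when a firewall answers with ICMP instead of RST
        verdict = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()
    return verdict, time.monotonic() - start


def explain(verdict):
    """Map a verdict onto the SMTP behaviour described in the message."""
    if verdict in ("open", "refused"):
        return "ident lookup answers immediately; not the cause of slow SMTP"
    if verdict == "dropped":
        return "ident packet is being dropped; SMTP waits for the TCP timeout"
    return "unexpected result; check routing and firewall logs"


if __name__ == "__main__":
    # Host to probe is taken from the command line; loopback is only a default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result, elapsed = probe_tcp(target)
    print(f"{target}:{IDENT_PORT} {result} after {elapsed:.2f}s: {explain(result)}")
```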

