Hello all again ...
I followed your advice for DNS and firewalling but it didn't work ... I had to
add (after the first arrow) :
# By default, deny all services
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -O -p accept
/sbin/ipfwadm -I -p accept
# Flush the existing rules
/sbin/ipfwadm -F -f
/sbin/ipfwadm -O -f
/sbin/ipfwadm -I -f
# Allow DNS traffic to the 2 name servers .5 and .12
ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 195.115.167.5
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 53 -D 195.115.167.5
ipfwadm -F -a accept -b -P udp -S 0.0.0.0/0 53 -D 195.115.167.12
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 53 -D 195.115.167.12
---> you told me to set tcp too ...
---> but I had to add the following rules :
ipfwadm -F -a accept -b -P udp -S 195.115.167.5 53 -D 0.0.0.0/0
ipfwadm -F -a accept -b -P tcp -S 195.115.167.5 53 -D 0.0.0.0/0
ipfwadm -F -a accept -b -P udp -S 195.115.167.12 53 -D 0.0.0.0/0
ipfwadm -F -a accept -b -P tcp -S 195.115.167.12 53 -D 0.0.0.0/0
--> Why ? -b means bi-directional, no ?
--> Can someone tell me why ?
But so far it seems ok on my 2 DNS servers ...
There are still some problems with SMTP.. I will try to be clear (ugh, in English
...)
I tested by "telnetting" 2 SMTP servers :
mail.ic3w.com (running imailsix on NT) and .toto.com (running Sendmail v8)
In the Firewalling HOWTO for SMTP to allow connections to remote SMTP server :
ipfwadm -F -a accept -b -P tcp -S 195.115.167.5 25 -D 0.0.0.0/0 1024:65535
But it did not work and tcpdump on internal interface shows :
ysaha.ic3w.net.28832 > mail.pcestablishment.com.smtp:
mail.pcestablishment.com.smtp > ysaha.ic3w.net.28832
^^^^^^
---> what is this port ?
---> dynamic allocated one ?
---> I saw some of them further (with auth)
... I set up the rule like this then :
ipfwadm -F -a accept -b -P tcp -S 195.115.167.5 1024:65535 -D 0.0.0.0/0 25
---> I don't understand .28832 ?
... it's almost OK :
without firewall (all rules off), the connection is immediate on both SMTP
servers, but with the firewall, it takes a long time for the one that is running
Sendmail. It takes almost 30 seconds ...
The difference when the firewall is off is 2 lines like :
nnxfoo.fr.27796 > ysaha.ic3w.net.auth
ysaha.ic3w.net.auth > nnx.foo.fr.27796
---> Is there any authentication and what is this 27796 ?
I had a look in /etc/services and saw "auth 113/tcp". Then I added these 2
rules :
ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D 195.115.167.0/25 113
ipfwadm -F -a accept -b -P tcp -S 195.115.167.0/25 113 -D 0.0.0.0/0 1024:65535
.. works FAR BETTER ... is it good gurus ??
Sorry for this VERY long post. I hope you will forgive me.
If someone can answer my question, it would be very very nice.
Thank you very much in advance,
Regards,
Vincent Schultz
PS : In the last email Glynn, you talked about recursive request. For me
recursive (like in algorithm) is if the DNS server sends a request to resolve an
address... to itself! I get it in a program, but not for DNS requests. Can you
tell me more please or point me in the right direction. Thank you.
PS2: very hard to try to be an administrator ... ;-)
----------------------------------
E-Mail: [EMAIL PROTECTED]
Date: 19-Oct-98
Time: 01:32:39
----------------------------------
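The three questions in the post (why -b was not enough for DNS, what the .28832 and .27796 ports are, and why the ident rules made Sendmail answer faster) all come down to how ipfwadm matches a -b rule: the mirrored match swaps source and destination address AND port together. The small model below is an added illustration, not ipfwadm code and not the poster's script; it replays the posted rules against constructed packet flows (10.0.0.9 stands in for a LAN client, 198.51.100.1 for an upstream name server or remote mail host; both addresses are made up). Rule A pins port 53 on the remote side, so it only ever matches queries the name server sends out and their answers; rule B pins port 53 on the server side and is what lets clients reach it. Likewise .28832 and .27796 are ephemeral client ports from the 1024:65535 range, and the remote mail host's ident callback to port 113 is silently dropped by the default deny policy until the 113 rules exist, so Sendmail waits for that lookup to time out before greeting the client.

```python
"""Model of ipfwadm forwarding-chain matching with the -b (bidirectional) flag.

Added illustration only: not ipfwadm source, not the poster's script.
All packet flows are constructed; 10.0.0.9 and 198.51.100.1 are made-up hosts.
"""
from dataclasses import dataclass
import ipaddress

DENY = "DENY (default policy: -F -p deny)"
ANY, ANYPORT = "0.0.0.0/0", (0, 65535)
NS5 = "195.115.167.5/32"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    src: str        # CIDR, as given to -S
    sports: tuple   # (lo, hi) port range on the -S side
    dst: str        # CIDR, as given to -D
    dports: tuple   # (lo, hi) port range on the -D side
    bidir: bool = True  # -b


def _match_one_way(rule, pkt):
    return (rule.proto == pkt.proto
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and rule.sports[0] <= pkt.sport <= rule.sports[1]
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dports[0] <= pkt.dport <= rule.dports[1])


def matches(rule, pkt):
    """-b mirrors the whole 5-tuple: address and port of each side swap together.

    A rule that pins port 53 on the remote side therefore never matches a query
    arriving at OUR port 53, only queries we send out to someone else's port 53."""
    if _match_one_way(rule, pkt):
        return True
    if rule.bidir:
        mirrored = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return _match_one_way(rule, mirrored)
    return False


def first_match(rules, pkt):
    for r in rules:
        if matches(r, pkt):
            return r.name
    return DENY


def verdicts(rules, packets):
    return {label: first_match(rules, pkt) for label, pkt in packets.items()}


# Rules as posted (UDP shown for DNS; the TCP twins behave identically).
RULE_A = Rule("A", "udp", ANY, (53, 53), NS5, ANYPORT)           # -S 0.0.0.0/0 53 -D ns5
RULE_B = Rule("B", "udp", NS5, (53, 53), ANY, ANYPORT)           # -S ns5 53 -D 0.0.0.0/0
HOWTO_SMTP = Rule("HOWTO", "tcp", NS5, (25, 25), ANY, (1024, 65535))   # server-side rule
FIXED_SMTP = Rule("FIXED", "tcp", NS5, (1024, 65535), ANY, (25, 25))   # client-side rule
IDENT_IN = Rule("IDENT", "tcp", ANY, (1024, 65535), "195.115.167.0/25", (113, 113))

# Constructed flows. Ports 1025, 1234, 28832, 27796 are ephemeral client ports.
DNS_PACKETS = {
    "client_query":   Packet("udp", "10.0.0.9", 1025, "195.115.167.5", 53),
    "server_reply":   Packet("udp", "195.115.167.5", 53, "10.0.0.9", 1025),
    "recursion_out":  Packet("udp", "195.115.167.5", 1234, "198.51.100.1", 53),
    "recursion_back": Packet("udp", "198.51.100.1", 53, "195.115.167.5", 1234),
}
SMTP_PACKETS = {
    "syn":    Packet("tcp", "195.115.167.5", 28832, "198.51.100.1", 25),
    "synack": Packet("tcp", "198.51.100.1", 25, "195.115.167.5", 28832),
    "ident":  Packet("tcp", "198.51.100.1", 27796, "195.115.167.5", 113),
}


def dns_first_set_only():
    return verdicts([RULE_A], DNS_PACKETS)


def dns_both_sets():
    return verdicts([RULE_A, RULE_B], DNS_PACKETS)


def smtp_howto_rule():
    return verdicts([HOWTO_SMTP], SMTP_PACKETS)


def smtp_fixed_rule():
    return verdicts([FIXED_SMTP], SMTP_PACKETS)


def smtp_fixed_plus_ident():
    return verdicts([FIXED_SMTP, IDENT_IN], SMTP_PACKETS)


if __name__ == "__main__":
    for fn in (dns_first_set_only, dns_both_sets, smtp_howto_rule,
               smtp_fixed_rule, smtp_fixed_plus_ident):
        print(fn.__name__, fn())
```

Running it shows rule A alone denying the client's query and the server's reply while accepting the server's own outbound recursion, rule B closing that gap, the HOWTO's server-side SMTP rule matching nothing for an outgoing mail session, and the ident callback only being accepted once the port 113 rule is present.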