From: Darius Moos
Date: Mon, 17 Mar 1997 08:28:33 -0100
To: scott@statsci.com
Cc: neil@corpex.com, questions@freebsd.org
Subject: Re: SMTP and Firewalls

No, that's definitely not true for 2.1.5. I've set up a firewall where port 25
is opened for incoming and outgoing connections but port 113 is blocked, and it
works fine.

Neil, how about sending the relevant part of your rc.firewall to the list?
Maybe I can help you.

Darius Moos.

At 17:58 16.03.97 -0800, you wrote:
>neil@corpex.com (Neil) wrote:
>
>> We are using FBSD 2.1.5 with IPFW configured for a mail server. Other than
>> the obvious port 25 connections, what else must be opened in the firewall to
>> allow SMTP 'sending'. At present we get an 'operation timed out' error as the
>> server cannot connect to an external server.
>
>Maybe port 113 (the "auth"/"ident") port? I've worked in a setup where the
>systems inside the firewall were NOT set up to provide that service, so the
>firewall was set to block them. We would get timeouts trying to get to SOME
>systems' SMTP daemons. When we opened up the firewall to allow them through,
>the connections went through. Our theory was that the remote system was
>getting an immediate connection refused after it was opened up, so everything
>proceeded just fine. With the firewall blocking them, it appeared as if the
>remote systems' SMTP daemons weren't spitting out their '220' welcome message
>banners, and our systems (running smail) were hanging waiting for it.
>
>Or at least, that's how it appeared (we didn't go thru the code or trace
>anything to confirm the precise cause). Also, note that this wasn't a 2.1.5
>IPFW firewall, but one obtained from a 3rd party (I THINK it's really a special
>purpose Linux box). And we were using smail instead of sendmail. But the
>info might be useful nonetheless...
>
>Scott Blachowicz Ph: 206/283-8802x240 Mathsoft (Data Analysis Products Div)
> 1700 Westlake Ave N #500
>scott@statsci.com Seattle, WA USA 98109
>Scott.Blachowicz@seaslug.org
>
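
An added example, not part of the original thread: a small Python check that tells "connection refused" apart from "silently dropped" on the ident port, which is the distinction the quoted theory rests on. The function names, the 192.0.2.10 placeholder address and the 30 s / 20 s timeouts are assumptions made for illustration, and the delay model only restates that theory, which the thread itself does not confirm.

```python
import socket
import time

IDENT_PORT = 113  # the "auth"/"ident" port discussed in the thread

def classify_port(host, port=IDENT_PORT, timeout=3.0):
    """Classify how host:port answers a TCP connect, and how long it took."""
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        state = "open"        # an ident daemon (or something else) is listening
    except ConnectionRefusedError:
        state = "refused"     # a RST came back: the caller learns at once
    except socket.timeout:
        state = "filtered"    # no reply at all: the SYN was silently dropped
    except OSError:
        state = "error"       # e.g. ICMP unreachable or no route
    finally:
        sock.close()
    return state, time.monotonic() - start

def expected_banner_delay(state, ident_timeout):
    """Seconds a remote MTA that queries ident before sending its 220 banner
    would stall, under the theory in the quoted message (an assumption)."""
    return ident_timeout if state == "filtered" else 0.0

def client_sees_timeout(state, ident_timeout, client_wait):
    """True if the sending side gives up before the banner would arrive."""
    return expected_banner_delay(state, ident_timeout) >= client_wait

if __name__ == "__main__":
    # Run from a host outside the firewall against the mail server's address.
    # 192.0.2.10 is a documentation placeholder, not an address from the thread.
    state, secs = classify_port("192.0.2.10")
    print(f"ident port: {state} after {secs:.1f}s")
    # 30 s and 20 s are constructed example timeouts.
    print("sender would time out:", client_sees_timeout(state, 30.0, 20.0))
```

A result of "filtered" means the firewall discards the probe without answering, so any peer that waits on ident has to sit out its own timeout; "refused" means the peer is told immediately.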