Date:      Sat, 15 Jun 2002 23:51:22 -0500
From:      rahermon@iastate.edu
To:        <sroberts@dsl.pipex.com>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Your earlier  maillog post
Message-ID:  <000301c214f1$797108c0$8404a8c0@TheGetto>
In-Reply-To: <1024178619.47848.1.camel@Demon.Strobe.org>

The short answer is no. The stateful rule structure and the implications
of mixing rule set types are beyond the scope of my knowledge, sorry.
However, it seems that a connection to localhost is being refused and I
assumed a rule is being matched; finding that rule may reveal useful
information. Try clearing the counters and then try to telnet to
localhost 25. Look at the counters again and with a little luck the rule
will reveal itself. You can also try mixing the rules just to find out
if in fact the suggested change will fix the problem. If it does then I
am sure a firewall guru on this list will be able to assist in
re-writing the rules in the appropriate type. I will keep following the
thread since the questions you presented are indeed interesting and I am
curious to find the answer.

Regards,
Ramon

> -----Original Message-----
> From: Stacey Roberts [mailto:sroberts@dsl.pipex.com] 
> Sent: Saturday, June 15, 2002 5:04 PM
> To: rahermon@iastate.edu
> Cc: FreeBSD-Questions
> Subject: RE: Your earlier maillog post
> 
> 
> Hi Ramon, 
>    Thanks for the suggestions. 
> 
> I've got a couple of questions on those rules you included in 
> your last reply. 
> 
> I use advanced stateful rules on this machine, and what 
> you've suggested doesn't appear to be of the same structure 
> as the ones I use here. I've always understood that it's 
> generally a bad idea to mix rule base types. Is this your 
> understanding as well? 
> 
> So then, what I'm asking is if you've any suggestions on 
> re-writing these so that they fit into a stateful rule structure. 
> 
> 
> 
> On Thu, 2002-06-13 at 03:19, rahermon@iastate.edu wrote: 
> > I was looking at the ipfw rules on your post "IPFW error, help?" and I 
> > did not notice the following which can explain access denied to 
> > localhost.
> > 
> > # Allow loopbacks, deny imposters
> > ${fwcmd} add 100 pass all from any to any via lo0
> > ${fwcmd} add 200 deny all from any to 127.0.0.0/8
> > # Stop spoofing
> > ${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif} 
> > ${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
> > 
> > The above are just after flush on my rules. But my definitions are 
> > before, I guess what I am trying to say is that just make sure the 
> > above rules are the first rules.
> > 
> > Regards,
> > Ramon
> > 
> > > -----Original Message-----
> > > From: owner-freebsd-questions@FreeBSD.ORG
> > > [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of S. Roberts
> > > Sent: Wednesday, June 12, 2002 1:30 AM
> > > To: rahermon@cs.iastate.edu
> > > Cc: FreeBSD-Questions
> > > Subject: re: Your earlier maillog post
> > > 
> > > 
> > > Hi,
> > >   I stumbled across your post in the archives. I'm seeing
> > > exactly the same formatted messages in the maillog of a box 
> > > here as well: Jun 12 07:03:38 <snip> sm-msp-queue[96453]: 
> > > g5766juA092113: to=root, delay=4+23:56:53, xdelay=00:00:00, 
> > > mailer=relay, pri=22287174, relay=localhost.<snip>., 
> > > dsn=4.0.0, stat=Deferred: Permission denied ~ $ 
> > > 
> > > I wanted to find out if you had gotten an explanation, or
> > > positive response to your query in the end. I tried sending a 
> > > query to Sendmail.org but couldn't get any joy there either.
> > > 
> > > Do let me know, please
> > > Regards,
> > > Stacey
> > > 
> > > ok. Maybe if I take it one step at a time. Can anyone tell me
> > > what this means.
> > > 
> > > May 31 15:46:04 FW sm-msp-queue[442]: g4R84JFE000560:
> > > to=root, ctladdr=root (0/0), delay=4+12:41:45, 
> > > xdelay=00:00:00, mailer=relay, pri=18390056, 
> > > relay=localhost.rhbsd.dhs.org., dsn=4.0.0, stat=Deferred: 
> > > Permission denied
> > > 
> > > Thanks.
> > > --
> > > Stacey Roberts B.Sc. (HONS) Computer Science
> > > Network Systems Engineer
> > > 
> > 
> > 
> > 
> -- 
> Stacey Roberts B.Sc. (HONS) Computer Science
> Network Systems Engineer
> 
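Ramon's diagnostic above (zero the ipfw counters, attempt `telnet localhost 25`, then see which rule's counter moved) can be automated by diffing two `ipfw -a list` snapshots. The script below is an added example, not code from the thread; it assumes the `ipfw -a list` column layout "rule-number packets bytes rule-body" and uses constructed snapshots in which the "deny imposters" rule has been placed ahead of the loopback allow, the ordering mistake the thread warns about.

```shell
#!/bin/sh
# Added example (not from the thread): find which ipfw rule a test
# connection matched by comparing packet counters from two
# `ipfw -a list` snapshots, one taken right after `ipfw zero` and one
# taken after the test connection was attempted.
# Assumed layout of each line: "rule-number packets bytes rule-body".
set -eu

rules_hit() {
    # $1 = snapshot before the test, $2 = snapshot after the test.
    awk 'NR == FNR { before[$1] = $2; next }   # first file: remember packet counts
         ($1 in before) && $2 > before[$1] {   # second file: counter grew
             body = $4
             for (i = 5; i <= NF; i++) body = body " " $i
             printf "%s hit %d packet(s): %s\n", $1, $2 - before[$1], body
         }' "$1" "$2"
}

# Constructed sample snapshots (not real output from Stacey's box).
# Rule 100 denies traffic to 127/8 before rule 200 allows loopback, so a
# connection to localhost is dropped by rule 100, exactly the kind of
# misordering Ramon says to look for.
BEFORE_SNAP=$(mktemp); AFTER_SNAP=$(mktemp)
trap 'rm -f "$BEFORE_SNAP" "$AFTER_SNAP"' EXIT

cat > "$BEFORE_SNAP" <<'EOF'
00100     0       0 deny ip from any to 127.0.0.0/8
00200     0       0 allow ip from any to any via lo0
00300     0       0 deny ip from 192.168.4.0/24 to any in via fxp0
00400     0       0 check-state
00500     0       0 allow tcp from any to any setup keep-state
65535     0       0 deny ip from any to any
EOF

cat > "$AFTER_SNAP" <<'EOF'
00100     3     180 deny ip from any to 127.0.0.0/8
00200     0       0 allow ip from any to any via lo0
00300     0       0 deny ip from 192.168.4.0/24 to any in via fxp0
00400     0       0 check-state
00500     0       0 allow tcp from any to any setup keep-state
65535     0       0 deny ip from any to any
EOF

# Prints: 00100 hit 3 packet(s): deny ip from any to 127.0.0.0/8
rules_hit "$BEFORE_SNAP" "$AFTER_SNAP"
# On the FreeBSD box itself: ipfw zero; ipfw -a list > before;
# telnet localhost 25; ipfw -a list > after; rules_hit before after
```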