Hello,

I have installed Suse Linux 7.0 with the firewall scripts on my machine. When I try to fetch my mail with fetchmail, it takes relatively long (about 30 seconds) until a connection to the mail server is established at all. Without the firewall enabled it takes about 5 seconds. The same problem occurs when sending mail, except that it takes even longer there. HTTP and FTP, on the other hand, work flawlessly and also quite fast.

Here is an excerpt from /var/log/firewall after running fetchmail:

Sep 15 01:38:21 sv1 kernel: OPEN: 192.168.0.99 -> 212.185.248.20 UDP, port: 1024 -> 53
Sep 15 01:38:21 sv1 kernel: ippp0: dialing 1 0191011...
Sep 15 01:38:22 sv1 kernel: isdn_net: ippp0 connected
Sep 15 01:38:26 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=17 194.25.2.129:53 62.158.112.32:1024 L=268 S=0x00 I=28490 F=0x0000 T=57 (#46)
Sep 15 01:38:26 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=60 S=0x00 I=16293 F=0x4000 T=54 (#41)
Sep 15 01:38:26 sv1 kernel: Packet log: input REJECT ippp0 PROTO=6 195.222.124.26:4524 62.158.112.32:113 L=60 S=0x00 I=16298 F=0x4000 T=54 SYN (#23)
Sep 15 01:38:26 sv1 kernel: Packet log: output DENY ippp0 PROTO=1 62.158.112.32:3 195.222.124.26:3 L=108 S=0xC0 I=288 F=0x0000 T=255 (#3)
Sep 15 01:38:29 sv1 kernel: Packet log: input REJECT ippp0 PROTO=6 195.222.124.26:4524 62.158.112.32:113 L=60 S=0x00 I=16425 F=0x4000 T=54 SYN (#23)
Sep 15 01:38:29 sv1 kernel: Packet log: output DENY ippp0 PROTO=1 62.158.112.32:3 195.222.124.26:3 L=108 S=0xC0 I=289 F=0x0000 T=255 (#3)
Sep 15 01:38:35 sv1 kernel: Packet log: input REJECT ippp0 PROTO=6 195.222.124.26:4524 62.158.112.32:113 L=60 S=0x00 I=16718 F=0x4000 T=54 SYN (#23)
Sep 15 01:38:35 sv1 kernel: Packet log: output DENY ippp0 PROTO=1 62.158.112.32:3 195.222.124.26:3 L=108 S=0xC0 I=290 F=0x0000 T=255 (#3)
Sep 15 01:38:47 sv1 kernel: Packet log: input REJECT ippp0 PROTO=6 195.222.124.26:4524 62.158.112.32:113 L=60 S=0x00 I=17452 F=0x4000 T=54 SYN (#23)
Sep 15 01:38:47 sv1 kernel: Packet log: output DENY ippp0 PROTO=1 62.158.112.32:3 195.222.124.26:3 L=108 S=0xC0 I=291 F=0x0000 T=255 (#3)
Sep 15 01:38:52 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=92 S=0x00 I=17945 F=0x4000 T=54 (#41)
Sep 15 01:38:52 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=52 S=0x00 I=17951 F=0x4000 T=54 (#41)
Sep 15 01:38:52 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=58 S=0x00 I=17952 F=0x4000 T=54 (#41)
Sep 15 01:38:52 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=52 S=0x00 I=17959 F=0x4000 T=54 (#41)
Sep 15 01:38:53 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=58 S=0x00 I=17986 F=0x4000 T=54 (#41)
Sep 15 01:38:56 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=61 S=0x00 I=18162 F=0x4000 T=54 (#41)
Sep 15 01:38:56 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=58 S=0x00 I=18163 F=0x4000 T=54 (#41)
Sep 15 01:38:56 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=52 S=0x00 I=18164 F=0x4000 T=54 (#41)
Sep 15 01:38:56 sv1 kernel: Packet log: input ACCEPT ippp0 PROTO=6 195.222.124.26:110 62.158.112.32:1034 L=52 S=0x00 I=18166 F=0x4000 T=54 (#41)
Sep 15 01:39:19 sv1 kernel: isdn_net: local hangup ippp0
Sep 15 01:39:19 sv1 kernel: ippp0: Chargesum is 0
Sep 15 01:39:19 sv1 kernel: ippp, open, slot: 1, minor: 0, state: 0000
Sep 15 01:39:19 sv1 kernel: ippp_ccp: allocated reset data structure c0389000
Sep 15 01:39:19 sv1 kernel: ippp_ccp: freeing reset data structure c2eee000

And here is my configuration:

FW_DEV_WORLD="ippp0"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="10.1.1.0/255.255.255.128"
FW_MASQ_DEV="ippp0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_GLOBAL_SERVICES="yes"
FW_SERVICES_EXTERNAL_TCP="" # Common: smtp domain
FW_SERVICES_EXTERNAL_UDP="" # Common: domain
FW_SERVICES_DMZ_TCP="" # Common: smtp domain
FW_SERVICES_DMZ_UDP="" # Common: domain syslog
FW_SERVICES_INTERNAL_TCP="" # Common: ssh smtp domain
FW_SERVICES_INTERNAL_UDP="" # Common: domain
FW_TRUSTED_NETS=""
FW_SERVICES_TRUSTED_TCP="" # Common: ssh
FW_SERVICES_TRUSTED_UDP="" # Common: syslog time ntp
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="dns"
FW_SERVICE_DNS="no" # if yes, FW_SERVICES_*_TCP needs to have port 53
                    # (or "domain") set to allow incoming queries.
                    # also FW_ALLOW_INCOMING_HIGHPORTS_UDP needs to be "yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD_TCP="" # Beware to use this!
FW_FORWARD_UDP="" # Beware to use this!
FW_FORWARD_MASQ_TCP="" # Beware to use this!
FW_FORWARD_MASQ_UDP="" # Beware to use this!
FW_REDIRECT_TCP=""
FW_REDIRECT_UDP=""
FW_LOG_DENY_CRIT="yes"
FW_LOG_DENY_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="yes"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_FW_TRACEROUTE="no"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_MASQ_MODULES="ftp"

I hope someone can help me, as I am slowly starting to doubt myself.

Jens Knoepchen