I have SuSEfirewall running on SuSE 6.2. I have noticed in /var/log/messages that when sending mail I get a series (three or four) of denied packets from port 3 on the linux box to port 3 on the receiving mail server, such as:
Jun 6 06:43:01 celebrity kernel: Packet log: output DENY eth0 PROTO=1 xxx.xx.xxx.4:3 208.31.42.43:3 L=108 S=0xC0 I=10508 F=0x0000 T=255 (#3) Jun 6 06:43:03 celebrity kernel: Packet log: output DENY eth0 PROTO=1 xxx.xx.xxx:3 208.31.42.43:3 L=108 S=0xC0 I=10509 F=0x0000 T=255 (#3) Jun 6 06:43:07 celebrity kernel: Packet log: output DENY eth0 PROTO=1 xxx.xx.xxx.4:3 208.31.42.43:3 L=108 S=0xC0 I=10510 F=0x0000 T=255 (#3) Jun 6 06:43:15 celebrity kernel: Packet log: output DENY eth0 PROTO=1 xxx.xx.xxx.4:3 208.31.42.43:3 L=108 S=0xC0 I=10511 F=0x0000 T=255 (#3)
Does anyone know what this is? I can't see port 3 in /etc/services. Should I open it up in the firewall?
Look at the PROTO=1 statement, this means it's an ICMP type 3 packet, not a TCP (PROTO=6) packet for Port 3. ICMP type 3 means "Destination unreachable". Look at RFC 792 for further information about ICMP and these types. Ulf ____________________________________ Ulf Leichsenring Lufthansa Systems AS GmbH Schützenwall 1 D-22844 Norderstedt Tel.: +49-40-5070-7859 Fax: +49-40-5070-7880 mailto:uleichsenring@lhsystemsas.de Internet: http://www.lhsystemsas.de