hi, isn't nfs 111 (portmap) and 2049 (nfs itself)? I think those ports worked for me.

regards, stefan

-----Original Message-----
From: Ralf Koch [mailto:info@formel4.de]
Sent: Thursday, 04 October 2001 00:36
To: suse-security@suse.com
Subject: Re: [suse-security] Hi @ll -----> I have problems with my firewall

Hi Rüdiger.
On my server a 2.4 kernel with an iptables firewall is running. I have already set up a few rules but there are still problems downloading my emails. It takes about 15 seconds to look if there's mail, without firewall it only takes half a second.
That's the good old port 113 problem. Set up a rule to reject incoming TCP 113 and you are fine with that. (That's kind of a FAQ)
Another problem is that I can reach neither an internal nor an external PC using ssh.
[...]
### Allow SSH server TCP! ###
iptables -A INPUT -p TCP --dport 22 -j ACCEPT
iptables -A OUTPUT -p TCP --sport 22 -j ACCEPT
### Allow SSH server UDP! ###
iptables -A INPUT -p UDP --dport 22 -j ACCEPT
iptables -A OUTPUT -p UDP --sport 22 -j ACCEPT
[...]
Ok, your rules allow incoming SSH connections from anywhere to this server. To allow outgoing connections simply enter:

iptables -A OUTPUT -p TCP --dport 22 -j ACCEPT
iptables -A INPUT -p TCP --sport 22 -j ACCEPT

But why do you open Port 22 UDP? I don't remember SSH using UDP connections.
When my firewall is up I can't use the nfs drive.
Ummm. Somebody for the nfs ports? I actually don't remember the correct port numbers....
Who can help me solving these problems???
Hmmm. Having a deeper look at your rules, there's a lot of obsolete stuff. Sorry for me not helping you with that, but I'm still using ipchains and won't give you wrong answers. Anybody else for cleaning up the iptables configuration?

Cheers,
Ralf
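
The three fixes discussed in this thread, collected as an added example (not any poster's ruleset). It assumes the host is an NFS client; IPT, NFS_SERVER and the address are hypothetical names and constructed values, and the stateful matching is a technique swapped in for the --sport rules quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: IPT, NFS_SERVER.
IPT=${IPT:-iptables}                    # set IPT=echo to print rules instead of applying them
NFS_SERVER=${NFS_SERVER:-192.168.1.10}  # constructed address

apply_rules() {
    # Accept replies to connections already allowed. This replaces the
    # "--sport 22 -j ACCEPT" pattern, which matches ANY packet whose
    # source port is 22, whatever port it is aimed at.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # ident (TCP 113): answer with a reset so the mail server's ident
    # lookup fails at once instead of timing out on a dropped SYN.
    $IPT -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset

    # SSH inbound and outbound, TCP only (SSH does not use UDP).
    $IPT -A INPUT  -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # NFS client side: portmap (111) and nfs (2049), the two ports named
    # in the thread. mountd's port is handed out by portmap and is not
    # covered by these rules.
    for proto in tcp udp; do
        for port in 111 2049; do
            $IPT -A OUTPUT -p "$proto" -d "$NFS_SERVER" --dport "$port" \
                 -m state --state NEW -j ACCEPT
        done
    done
}
```

Run `IPT=echo` before calling `apply_rules` to review the generated rules; call it as root with the default to load them.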