[lug] Weird mail/firewall problem
Kevin Fenzi
kevin at scrye.com
Tue Feb 12 20:08:52 MST 2002
>>>>> "Chip" == Chip Atkinson <chip at rmpg.org> writes:
Chip> ... snip...
Chip> In my messages file I'm seeing entries like this:
Chip> Feb 12 19:05:28 poodle kernel: Packet log: input DENY ppp0
Chip> PROTO=6 24.254.60.38:65535 63.173.117.115:65535 L=492 S=0x00
Chip> I=7422 F=0x2042 T=245 (#12)
Chip> ... snipp...
Chip> Huh? It seems that the email timeouts are related to these
Chip> denied packets. The weird thing is that the port is 65535, not
Chip> 25.
Chip> I see these denial messages scrolling by almost as fast as the
Chip> messages in the maillog.
Chip> I'm a bit puzzled and don't want to open up myself
Chip> unnecessarily, but it slmost seems that I'm blocking mail
Chip> throughput.
The trick here is that port 65535 doesn't exist... it's just ipchains
way of telling you that it denied a Fragmented packet...
I seem to remember ipchains having some problems with fragmented
packets from some places. Don't recall why...
You can "fix" it with:
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
which will make it always defrag the packets and should make it work.
Chip> Thanks in advance.
Chip> Chip
kevin
--
Kevin Fenzi
MTS, tummy.com, ltd.
http://www.tummy.com/ KRUD - Kevin's Red Hat Uber Distribution
More information about the LUG
mailing list