Re: woody firewall broken?

To: "Bernd Eckenfels" <lists@lina.inka.de>
Cc: <debian-firewall@lists.debian.org>
Subject: Re: woody firewall broken?
From: "Davi Leal" <david.leal@ene.es>
Date: Mon, 15 Jul 2002 09:40:11 +0200
Message-id: <[🔎] 004d01c22bd2$da455aa0$0507e0c2@ene.es>
References: <[🔎] 004e01c22976$38bd3940$0507e0c2@ene.es> <[🔎] 20020712164011.GA3620@lina.inka.de>

> On Fri, Jul 12, 2002 at 09:32:05AM +0200, Davi Leal wrote:
> > I think it is due to the nessus checks that we are getting "Deferring
> > messages" from the sendmail server; "Deferred: Connection timed out with
> > mx.terra.es.". What we know by sure is that using again the old firewall
the
> > sendmail server works rightly again.
>
> Well, I dont quite understand what u did and what happened.
>
> Is your new Firewall crashed or not? Have you tried to reboot it? Nessus
> willl most likely not damage your firewall, so rebooting will be enough.

Yes, I think our new firewall is crashed. Of course I have rebooted the
sendmail and firewall hosts. However the sendmail shows the same message. We
are using now the old one and the sendmail works rightly again.

What happened:

[Day 1] The new firewall (woody, 2.4 kernel, ReiserFS) worked rightly. We
realized a check connecting from telephone line via our Radius server and
sent an email rightly. Additionaly we carried out some checks sending emails
and checking the email server log. All was OK.
[Day 2] With the new firewall we carried out a full (sid) nessus check. Of
course it was from outside our ISP.
[Day 3] The sendmail server began to get the above messages.
[Day 3] We rebooted the email server.
[Day 3] We dropped the sendmail package and installed and cofigured it
again.
[Day 3] We rebooted the firewall.
[Day 4] We switched to the old one and the sendmail server got OK again
flushing the 'Deferred queues' showing the 'Sent' word in the logs again.

> I dont think recent 2.2 kernels are vulnerable to stream DOS Attacks. It
> looks more like your ISP Mail Server has blocked you because of the
attack?

As I have noted above the new firewall uses the 2.4 kernel
(netfilter/iptables).

I dont think it is due to the sendmail was broken because it didnt work with
the new firewall, and switching to the old one it begins to work inmediately
again.

Well, I will format and reinstall the new firewall again. I am going to do a
'mondo' backup copy before reintalling so as to check via "mondo difference
reinstalled" what happened in the firewall.

P.D.: Do you know if sendmail uses only 25/tcp?. /etc/services does not
shows any 25/udp.

Regards,
Davi Leal

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: woody firewall broken?
  - From: Nick Busigin <nick@xwing.org>
- Re: woody firewall broken? [I was mistaken ]
  - From: "Davi Leal" <david.leal@ene.es>

References:
- woody firewall broken?
  - From: "Davi Leal" <david.leal@ene.es>
- Re: woody firewall broken?
  - From: Bernd Eckenfels <lists@lina.inka.de>

Prev by Date: Re: woody firewall broken?
Next by Date: Re: woody firewall broken?
Previous by thread: Re: woody firewall broken?
Next by thread: Re: woody firewall broken?
Index(es):
- Date
- Thread