Cisco IOS can't really provide a true "firewall", just packet filtering, so it's either allow or drop, no other choices.
I can imagine doing a port translation to a local interface for the same effect, but I've never tried it, and it's weird enough for me to have some doubts... Even if it works, it's a bit of overkill for the job. Almost better to let the packets through and let them be refused by the client. > Thanks a lot for a clear explanation! > Our firewall is actually on Cisco 1700 series router. > Does anyone know if there is a way to tell Cisco router to deny it > instead of dropping? This is actually a question to other group, > understand, but maybe someone knows? > > I also found that you may tell courier -noidentlookup and am going to > try it too. > > -----Original Message----- > From: Jesse Keating [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, December 24, 2002 9:23 PM > To: Vlad Soutyrine > Subject: Re: [courier-users] Re: courier esmtp slowness? > > On Tuesday 24 December 2002 17:41, Vlad Soutyrine uttered: > > I do not remember seeing any mentioning in the documentation that > > courier's smtp server requires 113 port as well. Did I miss > something? > > Where does this come from? What if client does not run identd? > > Actually, I guess, none of my clients run it, but they work fine from > > other, not firewalled, locations. > > Could you refer me to a little more information to read about this? > > It's not so much them needing identd to work, it's more of stupid > firewalls > that drop identd instead of denying. Droping doesn't notify the other > side > that the connection won't happen, so the other side keeps trying and > eventually times out. If the packets were denied, a denial message > would be > sent back, and the other side would quit trying to send such packets, > and go > on about it's business. > > Identd should always be denied instead of dropped. > > -- > Jesse Keating RHCE MCSE > For Web Services and Linux Consulting, Visit --> j2Solutions.net > Mondo DevTeam (www.mondorescue.org) > > Was I helpful? Let others know: > http://svcs.affero.net/rm.php?r=jkeating ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
