This was the solution!!  When I allowed access to the DNS port (53), I
specified destination only (-d 0/0).  Adding another rule for the source did
the trick!!  Thanks big time!

Doug

> From: "Aijaz A. Ansari" <[EMAIL PROTECTED]>
> Date: Tue, 18 Jul 2000 09:07:47 -0500
> To: Doug Oucharek <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: Re: IPCHAINS and slow POP/SMTP access
> 
> On Tue, Jul 18, 2000 at 01:08:36AM -0700, Doug Oucharek wrote:
> ...
>> I've got Qmail running just great for both SMTP and POP!!  However, as soon
>> as I activate my firewall (using ipchains), sending or receiving email from
>> a local machine takes over 3 minutes!!
>> 
>> In the archives, some people have speculated that this is a DNS issue or a
>> problem with auth.  I have TCP port 113 (auth) opened to the world (local
> ...
> 
> I have had similar problems for one of two reasons:
> a) DNS lookups were failing because port 53 was blocked out (make sure to
> include UDP packets as well)
> 
> ipchains -A bad-dmz    -s 0/0 53 -p tcp  -j ACCEPT
> ipchains -A bad-dmz    -s 0/0 53 -p udp  -j ACCEPT
> 
> b) ICMP messages were being blocked.
> 
> ipchains -A forward -p icmp                     -j ACCEPT
> 
> I don't remember, but I think this is mentioned in the ipchains HOWTO at
> http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
> 
> Hope this helps.
> 
> Aijaz.
> 
> 
> -- 
> ===  =   Aijaz Ansari.  ENoor Creations, Inc.
> ======   Internet Software and Hosting
> =  ===   www.enoor.com  847-980-1601
> 
> 
> 
> 
> 
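
Added example, not part of the original thread or anyone's actual ruleset: a small stateless-filter model showing why a destination-only port 53 rule passes the outgoing query but drops the reply (which arrives *from* port 53), and how far the `-s 0/0 53` rule then reaches compared with one scoped to the resolver. The addresses, the single-chain layout, the DENY policy and the `SCOPED` rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)
DNS = range(53, 54)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:  # one ACCEPT rule: -p proto -s src sports -d dst dports
    proto: str
    src: str = "0.0.0.0/0"
    sports: range = ANY_PORT
    dst: str = "0.0.0.0/0"
    dports: range = ANY_PORT

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src)
                and p.sport in self.sports
                and ip_address(p.dst) in ip_network(self.dst)
                and p.dport in self.dports)

def verdict(rules, pkt, policy="DENY"):
    """Stateless filter: any matching ACCEPT rule passes the packet, else the chain policy."""
    return "ACCEPT" if any(r.matches(pkt) for r in rules) else policy

# Constructed sample traffic (documentation address ranges, not from the thread).
RESOLVER = "198.51.100.53"
query = Packet("udp", "192.0.2.10", 1025, RESOLVER, 53)
reply = Packet("udp", RESOLVER, 53, "192.0.2.10", 1025)
stray = Packet("udp", "203.0.113.7", 53, "192.0.2.10", 514)  # not a DNS reply to us

DEST_ONLY = [Rule("udp", dports=DNS)]                      # -d 0/0 53 only
WITH_SOURCE = DEST_ONLY + [Rule("udp", sports=DNS)]        # plus -s 0/0 53
SCOPED = DEST_ONLY + [Rule("udp", src=RESOLVER + "/32", sports=DNS,
                           dports=range(1024, 65536))]     # resolver only, high ports

if __name__ == "__main__":
    for name, rules in (("dest-only", DEST_ONLY), ("with-source", WITH_SOURCE), ("scoped", SCOPED)):
        print(name, {n: verdict(rules, p) for n, p in
                     (("query", query), ("reply", reply), ("stray", stray))})
```

The same reasoning applies to the TCP rule; ipchains has no connection tracking, so reply traffic always needs its own rule.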
