----- Original Message -----
From: "Tomas Kuliavas" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, October 18, 2005 9:33 PM
Subject: Re: [SM-USERS] login very slowly after iptable firewall is on

> >> >>> Dear All:
> >> >>>
> >> >>> I have installed SquirrelMail 1.4.5 on Redhat Enterprise Server 3.0
> >> >>> and everything is OK until I enable the iptable firewall.
> >> >>> After the firewall is enabled, the login comes out just as usual,
> >> >>> but after clicking the login button there is nearly no response for
> >> >>> about 6~7 minutes for the login result window to come out. If I stop
> >> >>> the iptable firewall everything restores to normal. What's the problem?
> >> >>> BTW, my IMAP server is the RedHat built-in IMAP server.
> >> >>>
> >> >>> The mail server is: http://mail.vigoicu.com:8080
> >> >>
> >> >> try unblocking udp/53, tcp/53 and tcp/113 ports. Or use REJECT
> >> >> instead of DROP.
> >> >
> >> > These ports are already open.
> >>
> >> Show listing of your firewall rules.
> >>
> >> iptables -L -n
> >
> > The following is the result of iptables -L:
> >
> > Chain INPUT (policy DROP)
> > target     prot opt source      destination
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:ssh
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:http
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:ftp
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:ftp-data
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:auth
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:smtp
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:pop3
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:imap
> > ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:webcache
> > ACCEPT     udp  --  anywhere    anywhere     udp spt:domain
> > ACCEPT     tcp  --  anywhere    anywhere     tcp spt:domain
> > ACCEPT     all  --  anywhere    anywhere     ( iptables -A INPUT -i lo -j ACCEPT)
>
> Please follow same reply style as the one that is used in first reply. It
> is hard to follow conversation when you top post.
>
> Use REJECT and not DROP. When port is closed, standard computer replies
> with icmp port unreachable response. If firewall drops connections, it
> causes delays that indicate use of firewall.
>
> Some packets reach end of INPUT table and are dropped by default INPUT
> policy. Add 'iptables -A INPUT -j LOG' to your ruleset and check what
> packets reach end of table.
>
> When you design firewall ruleset, ruleset should not depend on policy.
> Last rule should set wide match that defines your preferred packet
> handling policy.
>
> --
> Tomas
>

I got the real reason: it is because of the virus scan plug-in. When I remove this plug-in, everything is OK now.
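
Added example, not part of the original thread: the INPUT chain from the posted listing rebuilt as a script, ending in the explicit LOG and REJECT rules the reply recommends instead of relying on the DROP policy. The port numbers are the standard ones for the service names in the listing; the IPT variable, the function name, the log rate limit and the log prefix are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: the iptables
# commands are only printed. Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

# TCP services accepted in the posted listing:
# ftp-data ftp ssh smtp http pop3 auth imap webcache
TCP_PORTS="20 21 22 25 80 110 113 143 8080"

build_input_chain() {
    # Start from an empty chain. With policy DROP still set, traffic is
    # blocked for the moment between this flush and the rules below.
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT

    for port in $TCP_PORTS; do
        $IPT -A INPUT -p tcp --dport "$port" -j ACCEPT
    done

    # DNS replies, matched on source port 53 as in the posted rules.
    $IPT -A INPUT -p udp --sport 53 -j ACCEPT
    $IPT -A INPUT -p tcp --sport 53 -j ACCEPT

    # Log whatever no rule above accepted, so the kernel log shows what
    # reaches the end of the chain (rate limit and prefix are assumptions).
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix INPUT_END:

    # Explicit wide-match final rule: the chain no longer depends on the
    # default policy, and blocked clients get an immediate answer instead
    # of waiting for a timeout.
    $IPT -A INPUT -j REJECT --reject-with icmp-port-unreachable
}

build_input_chain
```

After applying, blocked packets appear in the kernel log with the INPUT_END: prefix, which shows which connection attempts were previously being dropped without a reply.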
