Filtering the port through IPtables is the wrong solution to handling his
port 987 issue. Go back to his original config. He is running DNS
(named). The default config is to use a random port for the query source;
mine always grabs one in the 900 range. In named.conf there is a line
that can be uncommented ....
// query-source address * port 53;
that will force named to use port 53 for the query source.
The best answer to discovering what process is opening what ports is to
use lsof ... if he uses lsof and searches the output for 987 he will
see that UDP port 987 is opened by named. If he filters that with
IPtables then his DNS will quit functioning. Oooops, not good. The best
solution in this case is to just understand the issue and live with it.
- rick warner -
On Mon, 18 Feb 2002, Mike Burger wrote:
> Actually, there really isn't much in the way of overhead for
> IPtables...the netfilter stuff is already compiled into the kernel...it's
> just acting on the rules.
>
> I've not really seen much in the way of extra processing.
>
> In fact, on my border firewall, running RH7.2 and iptables, my load
> averages are 0.00 across the board.
>
> On Mon, 18 Feb 2002, Steve Lee wrote:
>
> > I got port 587. i commented out the SMTP AUTH
> > in my sendmail.cf. However i could not
> > find any solution to port 987. i just made
> > a simple iptables filter for the machine in the meantime.
> > i don't want to run iptables as it will have overhead,
> > but for now i must b/c of this.
> >
> > Thanks. guys.
> >
> >
> >
> >
> > On Mon, 18 Feb 2002, Mike Burger wrote:
> >
> > > It's perfectly useful help. He pointed you at the source for the answer
> > > to your question, from whence you could glean the information you sought.
> > >
> > > The Lord helps those that help themselves. So too goes the help on many a
> > > mailing list.
> > >
> > > Rather than complain that you didn't get spoon fed the information you
> > > wanted, why not thank him for pointing you in the correct direction, and
> > > have at it. The sense of accomplishment you'll feel, after figuring it
> > > out, goes a long way.
> > >
> > > On Mon, 18 Feb 2002 [EMAIL PROTECTED] wrote:
> > >
> > > > What kind of help is this! If you can not do better than
> > > >
> > > > Sendmail. Read the documentation, why bother?
> > > >
> > > > On Sun, 17 Feb 2002, Ashley M. Kirchner wrote:
> > > >
> > > > > Steve Lee wrote:
> > > > >
> > > > > > all of a sudden, i see port 587 and 987 listening.
> > > > > > i have sendmail setup with qpopper with Drac.
> > > > > >
> > > > > > does anyone know what these ports are LISTENING.
> > > > > > how to turn it off ?
> > > > >
> > > > > Sendmail. Read the documentation.
> > >
> > >
> > >
> > > _______________________________________________
> > > Redhat-list mailing list
> > > [EMAIL PROTECTED]
> > > https://listman.redhat.com/mailman/listinfo/redhat-list
> > >
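The lsof check described in the top message, as an added example that is not part of the original thread: a small filter that reads `lsof -nP -i` output and reports which process owns a given local port. The function names, the sample output and its PIDs are constructed for illustration, and the column layout assumed is the one current lsof versions print for internet sockets.

```shell
#!/bin/sh
# port_owners PORT
# Reads `lsof -nP -i` output on stdin and prints "command pid proto"
# once for every process holding a socket whose LOCAL port is PORT.
port_owners() {
    awk -v port="$1" '
        $1 == "COMMAND" { next }                 # header line
        $8 != "TCP" && $8 != "UDP" { next }      # NODE column holds the protocol
        {
            local_end = $9                       # NAME column, e.g. *:987 or a->b
            sub(/->.*/, "", local_end)           # drop the remote end of a connection
            n = split(local_end, parts, ":")     # port is the last colon-separated field
            if (parts[n] == port) {
                key = $1 " " $2 " " $8
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# Constructed sample of `lsof -nP -i` output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named     612 named    4u  IPv4   1019      0t0  UDP 127.0.0.1:53
named     612 named    5u  IPv4   1020      0t0  TCP 127.0.0.1:53 (LISTEN)
named     612 named    6u  IPv4   1023      0t0  UDP *:987
sendmail  701  root    4u  IPv4   1201      0t0  TCP *:25 (LISTEN)
sendmail  701  root    5u  IPv4   1202      0t0  TCP *:587 (LISTEN)
sshd      850  root    3u  IPv4   1410      0t0  TCP 10.0.0.5:22->10.0.0.9:40987 (ESTABLISHED)
EOF
}

# On a live host (as root, so sockets of every user are listed):
#   lsof -nP -i | port_owners 987
sample_lsof | port_owners 987
sample_lsof | port_owners 587
```

Matching on the local port only keeps a remote port such as `40987` in the sshd line from being mistaken for a listener, which a plain text search for `987` would hit.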