Not true.

I don't specifically have inbound port 987 open...but I'm quite sure that 
my named can make outbound connections from any port necessary.

That's because my firewall has the following configured:

$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

I'm accepting the return traffic to whichever port opened the outbound 
connection, so long as that outbound connection is open.

On Mon, 18 Feb 2002, Rick Warner wrote:

> 
> 
> Filtering the port through IPtables is the wrong solution to handling his
> port 987 issue.  Go back to his original config.  He is running DNS
> (named).  The default config is to use a random port for the query source;
> mine always grabs one in the 900 range.  In named.conf there is a line
> that can be uncommented ....
> 
>            // query-source address * port 53;
> 
> that will force named to use port 53 for the query source.  
> 
> The best answer to discovering what process is opening what ports is to
> use lsof .....  if he uses lsof and searches the output for 987 he will
> see that UDP port 987 is opened by named.  If he filters that with
> IPtables then his DNS will quit functioning.  Oooops, not good.  The best
> solution in this case is to just understand the issue and live with it.
> 
> - rick warner -
> 
> On Mon, 18 Feb 2002, Mike Burger wrote:
> 
> > Actually, there really isn't much in the way of overhead for 
> > IPtables...the netfilter stuff is already compiled into the kernel...it's 
> > just acting on the rules.
> > 
> > I've not really seen much in the way of extra processing.
> > 
> > In fact, on my border firewall, running RH7.2 and iptables, my load 
> > averages are 0.00 across the board.
> > 
> > On Mon, 18 Feb 2002, Steve Lee wrote:
> > 
> > > I got port 587.  I commented out the SMTP AUTH
> > > in my sendmail.cf.   However I could not 
> > > find any solution to port 987.  I just made 
> > > a simple iptables filter for the machine in the meantime.
> > > I don't want to run iptables as it will have overhead,
> > > but for now I must b/c of this.
> > > 
> > > Thanks, guys.
> > > 
> > > 
> > > 
> > > 
> > > On Mon, 18 Feb 2002, Mike Burger wrote:
> > > 
> > > > It's perfectly useful help.  He pointed you at the source for the answer 
> > > > to your question, from whence you could glean the information you sought.
> > > > 
> > > > The Lord helps those that help themselves.  So too goes the help on many a 
> > > > mailing list.
> > > > 
> > > > Rather than complain that you didn't get spoon fed the information you 
> > > > wanted, why not thank him for pointing you in the correct direction, and 
> > > > have at it.  The sense of accomplishment you'll feel, after figuring it 
> > > > out, goes a long way.
> > > > 
> > > > On Mon, 18 Feb 2002 [EMAIL PROTECTED] wrote:
> > > > 
> > > > > What kind of help is this! If you can not do better than 
> > > > > 
> > > > > Sendmail.  Read the documentation, why bother?
> > > > > 
> > > > > On Sun, 17 Feb 2002, Ashley M. Kirchner wrote:
> > > > > 
> > > > > > Steve Lee wrote:
> > > > > > 
> > > > > > > > All of a sudden, I see port 587 and 987 listening.
> > > > > > > > I have sendmail set up with qpopper with Drac.
> > > > > > > >
> > > > > > > > Does anyone know what these ports are LISTENING?
> > > > > > > > How to turn it off?
> > > > > > 
> > > > > >     Sendmail.  Read the documentation.
> > > > 
> > > > 
> > > > 
> > > > _______________________________________________
> > > > Redhat-list mailing list
> > > > [EMAIL PROTECTED]
> > > > https://listman.redhat.com/mailman/listinfo/redhat-list
> > > > 
> 
> 
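
The behaviour described in the top reply (return traffic accepted only while the outbound flow is tracked), as an added example that is not part of the original thread. It is a toy model in Python, not netfilter code; it assumes outbound traffic from the inside host is allowed and everything else is dropped by default, and the addresses, ports other than 987 and 53, and the timeout value are constructed for illustration.

```python
from typing import NamedTuple

UDP_TIMEOUT = 30  # seconds an idle entry is kept; illustrative value (assumption)

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Toy model: allow outbound, allow replies to tracked flows, drop the rest."""

    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)
        self.flows = {}  # original-direction 5-tuple -> time last seen

    def verdict(self, pkt, now):
        # Forget flows that have been idle longer than the timeout.
        self.flows = {k: t for k, t in self.flows.items() if now - t <= UDP_TIMEOUT}
        # A reply is the tracked tuple with source and destination swapped.
        reply_of = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.flows:
            self.flows[reply_of] = now
            return "ACCEPT (ESTABLISHED)"  # what the --state ESTABLISHED rule matches
        if pkt.src in self.inside:
            self.flows[pkt] = now  # outbound packet creates the tracking entry
            return "ACCEPT (outbound)"
        return "DROP"  # unsolicited inbound: no rule opens port 987

def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = StatefulFilter(["192.0.2.10"])
    query = Packet("udp", "192.0.2.10", 987, "198.51.100.53", 53)   # named asks
    answer = Packet("udp", "198.51.100.53", 53, "192.0.2.10", 987)  # server replies
    probe = Packet("udp", "203.0.113.7", 40000, "192.0.2.10", 987)  # unrelated host
    return [
        fw.verdict(probe, 0),     # before any query: dropped
        fw.verdict(query, 1),     # outbound query from source port 987
        fw.verdict(answer, 2),    # reply to the tracked flow
        fw.verdict(probe, 3),     # other host to port 987: still dropped
        fw.verdict(answer, 100),  # same reply after the entry has expired
    ]

if __name__ == "__main__":
    for v in demo():
        print(v)
```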


