> Do you have any issues or do the drops result in errors on the
> mailserver and or in the communication ?

I had some issues where postfix complained about "Tempory alias lookup failures" while connecting to the ldap server. But they seem to have disappeared by now... still, I have an insecure feeling about this since this server's gonna be our productive mailserver...

thanks
-reto

Jeroen Visser wrote:
> Reto,
>
> See this in the manual page.
> http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html
>
> I had a hard time accepting/believing this, but as for now, all drops I got did
> not result in any network issues. So it must be true. ;-)
>
> Do you have any issues or do the drops result in errors on the mailserver and or
> in the communication ?
>
> Regards,
>
> Jeroen.
>
> On Tue, 26 Sep 2006 10:49:00 +0200, Reto Buerki wrote
>> Hi List
>>
>> I have a problem regarding a mailserver inside my DMZ (sis2). The
>> mailserver retrieves the data for user auth over LDAP (secured with
>> TLS). I created a rule to allow this specific kind of traffic:
>>
>> <rule>
>> <type>pass</type>
>> <interface>opt1</interface>
>> <protocol>tcp</protocol>
>> <source>
>> <address>192.168.X.X</address>
>> </source>
>> <destination>
>> <address>172.24.Y.Y</address>
>> <port>389</port>
>> </destination>
>> <log/>
>> <descr>Allow LDAP from mailx to pdc</descr>
>> </rule>
>>
>> Every day I have entries in my log like these:
>> 300:1 p sis2 1952 tcp packets from 192.168.X.X to 172.24.Y.Y port 389 (ldap)
>> 0:17 b sis2 78 tcp packets from 192.168.0.5 to 172.24.X.X port 389 (ldap)
>>
>> Why are there some packets blocked? I explicitly allowed this kind of
>> packets to pass....
>> The detailed packets look like this:
>> PASS:
>> Sep 26 09:27:35 172.24.Y.Y ipmon[83]: 09:27:35.872910 sis2 @300:1 p 192.168.Y.Y,54979 -> 172.24.X.X,389 PR tcp len 20 60 -S K-S IN
>> BLOCK:
>> Sep 26 08:50:38 172.24.Y.Y ipmon[83]: 08:50:38.256087 sis2 @0:17 b 192.168.Y.Y,39282 -> 172.24.X.X,389 PR tcp len 20 52 -AR IN
>>
>> I just want to make sure this behavior is intended and normal before
>> this server becomes our production server.
>>
>> Thanks for your help
>>
>> Regards
>> Reto

-- 
Reto Bürki
secunet SwissIT AG
Hauptbahnhofstrasse 12
CH - 4501 Solothurn
E-Mail: buerki at swiss dash it dot ch
Tel.: + 41 32 625 80 45
Fax: + 41 32 625 80 41
PGP Fingerprint 752C 4EBC 115D 5EAD 75F7 0F34 A0AE 8AD7 3DC3 59DE
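Added example, not part of the thread and not m0n0wall's own code: a small Python triage script for ipmon lines in the layout quoted above. The two logged packets differ in their TCP flags (the passed one is a SYN, the blocked one carries ACK+RST), so the script parses each line and separates blocked SYN packets (a new connection the ruleset refused, worth checking the rules for) from blocked ACK/RST/FIN-only packets (assumed here to be late packets for a connection whose state entry has already expired, the case the linked FAQ covers). The classification heuristic and the sample log lines with documentation addresses are constructed assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

# Body of an ipmon line as the thread shows it: "ipmon[83]: 08:50:38.256087 sis2 @0:17 b SRC,SPORT -> DST,DPORT PR tcp len 20 52 -AR IN"
IPMON_RE = re.compile(
    r"ipmon\[\d+\]:\s+(?P<ts>\S+)\s+(?P<iface>\S+)\s+@(?P<rule>\d+:\d+)\s+(?P<action>[pb])\s+"
    r"(?P<src>\S+),(?P<sport>\d+)\s+->\s+(?P<dst>\S+),(?P<dport>\d+)\s+PR\s+(?P<proto>\S+)"
    r"\s+len\s+\d+\s+\d+(?:\s+-(?P<flags>[A-Z]+))?")

@dataclass
class Entry:
    ts: str; iface: str; rule: str; action: str   # rule "group:rule" (@0:17 = default block in the thread); action p/b
    src: str; sport: int; dst: str; dport: int; proto: str
    flags: str  # TCP flag letters ("S", "AR", ...); empty for non-TCP

def parse_line(line: str) -> Optional[Entry]:
    m = IPMON_RE.search(line)
    if not m:
        return None
    return Entry(m["ts"], m["iface"], m["rule"], m["action"], m["src"], int(m["sport"]),
                 m["dst"], int(m["dport"]), m["proto"], m["flags"] or "")

def classify(e: Entry) -> str:
    # Heuristic (assumption): a blocked SYN-only packet is a refused new connection and points
    # at a rule gap; a blocked packet carrying only ACK/RST/FIN is normally a late packet for a
    # connection whose state entry already expired, the behaviour the linked FAQ describes.
    if e.action == "p":
        return "pass"
    if e.proto != "tcp":
        return "blocked-other"
    if "S" in e.flags and "A" not in e.flags:
        return "blocked-syn"
    return "blocked-stale-state"

def triage(lines: Iterable[str]) -> dict:
    # Count entries per class so stale-state drops can be separated from real rule gaps.
    return dict(Counter(classify(e) for e in map(parse_line, lines) if e is not None))

# Constructed sample log (documentation addresses), same layout as the thread's two lines.
SAMPLE_LOG = [
    "Sep 26 09:27:35 198.51.100.1 ipmon[83]: 09:27:35.872910 sis2 @300:1 p 192.0.2.5,54979 -> 198.51.100.9,389 PR tcp len 20 60 -S K-S IN",
    "Sep 26 08:50:38 198.51.100.1 ipmon[83]: 08:50:38.256087 sis2 @0:17 b 192.0.2.5,39282 -> 198.51.100.9,389 PR tcp len 20 52 -AR IN",
    "Sep 26 08:51:02 198.51.100.1 ipmon[83]: 08:51:02.100000 sis2 @0:17 b 192.0.2.5,39290 -> 198.51.100.9,636 PR tcp len 20 60 -S IN",
]

if __name__ == "__main__":
    for e in map(parse_line, SAMPLE_LOG):
        print(f"@{e.rule:<6}{e.action} {e.src}:{e.sport} -> {e.dst}:{e.dport} flags={e.flags or '-':<3} {classify(e)}")
    print(triage(SAMPLE_LOG))
```

A steady stream of `blocked-syn` entries for a destination you meant to allow is the case to investigate; `blocked-stale-state` entries on the default block rule match what the FAQ link in the thread describes.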