[Firehol-support] What's Changed?

John Sullivan john at benzo8.org
Fri Oct 12 10:04:27 CEST 2007


Hi, I hope someone can help...

Overnight (it seems) my firehol configuration is blocking my IMAP 
connections *only* via GPRS...

I have not changed anything on my server - firehol.conf or anything 
relating to the IMAP server.

I can connect to IMAP from my laptop, but not now from my mobile phone. 
If I stop firehol, I can connect from my mobile.

I assume this is an IP thing, as the GPRS connection will be coming from 
a different IP - in fact, if I connect my mobile to the Internet via my 
home WiFi, I can connect to my IMAP.

Here is my firehol.conf:

#!/sbin/firehol

         blacklist 62.204.35.105

         server_gailssh_ports="tcp/40"
         client_gailssh_ports="default"
         server_ts2webmin_ports="tcp/14534"
         client_ts2webmin_ports="default"
         server_ts2_ennui_ports="udp/8767"
         client_ts2_ennui_ports="default"
         server_ts2_sal_ports="udp/8768"
         client_ts2_sal_ports="default"


interface eth0 internet src not "${UNROUTABLE_IPS}"

         # The default policy is DROP. You can be more polite with REJECT.
         # Prefer to be polite on your own clients to prevent timeouts.
         policy drop

         # If you don't trust the clients behind eth0 (net not "${UNROUTABLE_IPS} 83.170.75.128/26"),
         # add something like this.
         # protection strong

         # Here are the services listening on eth0.
         # TODO: Normally, you will have to remove those not needed.
         server ICMP accept
         server daytime accept
#       server gkrellmd accept
         server http accept
         server https accept
         server ident accept
         server imap accept
         server imaps accept
         server pop3 accept
         server pop3s accept
         server smtp accept
         server ssh accept
         server dns accept
#       server time accept
#       server gailssh accept
         server ts2webmin accept
         server ts2_ennui accept
#       server ts2_sal accept

         # The following eth0 server ports are not known by FireHOL:
         #  tcp/10001 tcp/3310 tcp/9 tcp/925 udp/10000 udp/32768 udp/517 udp/518 udp/9 udp/919 udp/922
         # TODO: If you need any of them, you should define new services.
         #       (see Adding Services at the web site - http://firehol.sf.net).

         # The following means that this machine can REQUEST anything via eth0.
         # TODO: On production servers, avoid this and allow only the
         #       client services you really need.
         client all accept


Here are a few entries from my syslog showing the blocking taking place:

Oct 12 09:03:00 space kernel: 'IN-unknown:'IN=eth0 OUT= MAC=00:0b:6a:f6:b2:d1:00:d0:02:95:74:00:08:00 SRC=77.210.81.30 DST=83.170.75.135 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=4285 DF PROTO=TCP SPT=1307 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 12 09:03:03 space kernel: 'IN-unknown:'IN=eth0 OUT= MAC=00:0b:6a:f6:b2:d1:00:d0:02:95:74:00:08:00 SRC=77.210.81.30 DST=83.170.75.135 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=4286 DF PROTO=TCP SPT=1307 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 12 09:03:09 space kernel: 'IN-unknown:'IN=eth0 OUT= MAC=00:0b:6a:f6:b2:d1:00:d0:02:95:74:00:08:00 SRC=77.210.81.30 DST=83.170.75.135 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=4287 DF PROTO=TCP SPT=1307 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0


Does anyone have any ideas why this has suddenly stopped working, 
without me making any configuration changes whatsoever? More so - how can 
I get it working again?

Thanks in advance,

Me...
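A triage helper for the log lines quoted in the post above. This is an added example, not code from the poster or from the FireHOL project. It parses the kernel log format shown (the quoted prefix names the FireHOL chain that logged the packet; 'IN-unknown' is the chain that receives inbound packets matching no `interface` definition, so the `src not "${UNROUTABLE_IPS}"` match on `eth0` is the first thing to check) and tests whether the dropped SRC address falls inside a list of CIDR ranges of the kind FireHOL substitutes for `${UNROUTABLE_IPS}`. The CIDR list in the block is constructed for illustration and is not the list shipped with any FireHOL release; the 77.0.0.0/8 entry is an assumed stale "reserved" range included only to show what a hit looks like. The real list to compare against is the one your installed FireHOL expands at run time (for example `firehol debug` on the configuration, or `iptables -L in_unknown -v -n` after `firehol start`).

```python
"""Triage iptables/FireHOL log lines against an 'unroutable' CIDR list.

Added example (not FireHOL code). Everything below that is not copied from
the post is an assumption or constructed sample data and is labelled so.
"""
import ipaddress
import re

# The three log entries copied from the post, each joined onto one line.
SAMPLE_LINES = [
    "Oct 12 09:03:00 space kernel: 'IN-unknown:'IN=eth0 OUT= "
    "MAC=00:0b:6a:f6:b2:d1:00:d0:02:95:74:00:08:00 SRC=77.210.81.30 "
    "DST=83.170.75.135 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=4285 DF "
    "PROTO=TCP SPT=1307 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Oct 12 09:03:03 space kernel: 'IN-unknown:'IN=eth0 OUT= "
    "MAC=00:0b:6a:f6:b2:d1:00:d0:02:95:74:00:08:00 SRC=77.210.81.30 "
    "DST=83.170.75.135 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=4286 DF "
    "PROTO=TCP SPT=1307 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0",
    "Oct 12 09:03:09 space kernel: 'IN-unknown:'IN=eth0 OUT= "
    "MAC=00:0b:6a:f6:b2:d1:00:d0:02:95:74:00:08:00 SRC=77.210.81.30 "
    "DST=83.170.75.135 LEN=64 TOS=0x00 PREC=0x00 TTL=112 ID=4287 DF "
    "PROTO=TCP SPT=1307 DPT=993 WINDOW=65535 RES=0x00 SYN URGP=0",
]

# CONSTRUCTED list for illustration. It is NOT FireHOL's UNROUTABLE_IPS.
# 77.0.0.0/8 is an ASSUMED stale "reserved" entry added to show a hit;
# replace this list with what your FireHOL actually expands.
ASSUMED_UNROUTABLE = [
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "77.0.0.0/8",
]

# Matches "kernel: 'PREFIX'" and keeps the rest of the line for field parsing.
LOG_RE = re.compile(r"kernel: '(?P<prefix>[^']*)'(?P<rest>.*)$")


def parse_log_line(line):
    """Return a dict of KEY=VALUE fields plus PREFIX and bare FLAGS, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {"PREFIX": m.group("prefix").rstrip(":"), "FLAGS": []}
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            fields["FLAGS"].append(token)  # e.g. DF, SYN
    return fields


def matching_range(ip, cidrs):
    """Return the first network in cidrs containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net:
            return net
    return None


def triage(line, unroutable):
    """Summarise one dropped-packet line and whether SRC hits the CIDR list."""
    fields = parse_log_line(line)
    if fields is None or "SRC" not in fields:
        return None
    hit = matching_range(fields["SRC"], unroutable)
    return {
        "prefix": fields["PREFIX"],
        "src": fields["SRC"],
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if fields.get("DPT") else None,
        "unroutable_match": str(hit) if hit is not None else None,
    }


def summarise(lines, unroutable):
    """Count drops per (chain prefix, source, matched range) for a quick view."""
    counts = {}
    for line in lines:
        t = triage(line, unroutable)
        if t is None:
            continue
        key = (t["prefix"], t["src"], t["unroutable_match"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (prefix, src, match), n in summarise(SAMPLE_LINES, ASSUMED_UNROUTABLE).items():
        verdict = f"SRC inside {match}: interface definition never saw it" if match \
            else "SRC not in list: look at the interface's own policy/rules"
        print(f"{n:3d} x chain={prefix} src={src}  {verdict}")
```

Interpretation of the output: if every line for the failing client lands in the 'IN-unknown' chain and its SRC sits inside a range the list expands to, the `server imaps accept` rule is irrelevant because the `interface eth0 internet src not ...` definition excluded the packet before any service rule ran; the fix is then to correct the expanded range list, not the service rules. If the SRC matches nothing, the drop is coming from somewhere else and the next step is `iptables -L -v -n` with the counters.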



