Re: Firewall: Thoroughly Confused

From: David C. Hart (DCH_at_TQMcube.com)
Date: 11/01/03

    To: Redhat General List <redhat-list@redhat.com>
    Date: Sat, 01 Nov 2003 09:46:29 -0500
    
    
    

    On Fri, 2003-10-31 at 21:04, Matthew Galgoci wrote:

    > You can bump up the max connections tracked via the sysctl
    > /proc/sys/net/ipv4/ip_conntrack_max, which defaults to 16352 (at least on my kernel).
    >
    > Think about what would happen if your mail server is doing mail to hundreds of hosts, each
    > connection out or in taking 1 slot in the table, and each mail required multiple DNS lookups,
    > each of which requires a connection to be tracked.
    >
    Thanks. An interesting aside that - perhaps - you could comment on was
    offered by an IPTables devotee. His claim is that I caused these
    problems by introducing eth0:1 into the server (I have two interfaces
    with three internal IPs).

    His suggestion was to add the virtual IP through "IP add", avoiding
    ifcfg/ifconfig. Apparently, this method can create multiple IPs on a
    device that are all peers (for lack of a better term).

    In fact, I noticed a consistent inconsistency between NAT and the actual
    incoming interface where the incoming IP was correct but showed up on
    the wrong interface in the logs.

    I find all of this a bit bewildering because - if correct - it means
    that ifconfig is inherently flawed - I think. Frankly I lack the skills
    to fully appreciate or diagnose the matter. If I have some time next
    week, I'll experiment on a laptop.

    
    

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
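
The table pressure described in the quoted reply (one tracked slot per SMTP connection and per DNS lookup) can be measured by grouping the tracked flows by service and comparing the total with the limit. This is an added example, not part of the original message; the sample rows are constructed, and `/proc/net/ip_conntrack` as the table path is an assumption based on the 2.4-era layout the thread refers to.

```shell
#!/bin/sh
# Added example: summarise a connection-tracking table dump against the table limit.
# The rows below are constructed sample data in the /proc/net/ip_conntrack layout.
sample_table() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=33001 dport=25 src=198.51.100.7 dst=192.0.2.10 sport=25 dport=33001 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=192.0.2.10 dst=198.51.100.8 sport=33002 dport=25 src=198.51.100.8 dst=192.0.2.10 sport=25 dport=33002 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=203.0.113.53 sport=40001 dport=53 src=203.0.113.53 dst=192.0.2.10 sport=53 dport=40001 use=1
udp      17 12 src=192.0.2.10 dst=203.0.113.53 sport=40002 dport=53 [UNREPLIED] src=203.0.113.53 dst=192.0.2.10 sport=53 dport=40002 use=1
udp      17 28 src=192.0.2.10 dst=203.0.113.53 sport=40003 dport=53 src=203.0.113.53 dst=192.0.2.10 sport=53 dport=40003 use=1
EOF
}

# conntrack_summary MAX < table
# Prints "proto/dport count" per service, then one usage line against MAX.
conntrack_summary() {
    awk -v max="$1" '
    {
        proto = $1; dport = "-"        # "-" for rows without ports (e.g. icmp)
        # The first dport= field belongs to the original direction of the flow.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dport=/) { dport = substr($i, 7); break }
        count[proto "/" dport]++
        total++
    }
    END {
        for (k in count) print k, count[k] | "sort"
        close("sort")                  # flush the sorted rows before the total
        printf "total %d max %d used %.2f%%\n", total, max, (max ? 100 * total / max : 0)
    }'
}

# On a live host (limit path as quoted in the thread; table path is an assumption):
#   conntrack_summary "$(cat /proc/sys/net/ipv4/ip_conntrack_max)" < /proc/net/ip_conntrack
sample_table | conntrack_summary 16352
```

A busy mail server would show the `udp/53` and `tcp/25` rows dominating the count, which is the situation in which raising the limit is worth considering.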
    

