Vernon Schryver
vjs@calcite.rhyolite.com
Tue Jun 1 18:20:00 UTC 2004
> From: Andy Hilker

> I could make (nearly) every server working by putting it on top of
> map.txt. But only the first entry in map.txt generates a udp packet
> (and gets a reply).
>
> Any other idea or hint, what I could try?

Consider the situation. You make a change outside the DCC code and something stops working. Where is the best place to look for the cause of the problem, in the DCC code or in the outside change?

> 212.203.14.116,- anon
> # * 212.203.14.116,- EATSERVER ID 1166
> # 100% of 3 requests ok 61.08 ms RTT 43 ms queue wait
>
> 153.19.44.252,- anon
> # 153.19.44.252,-
> # not answering
>
> 136.199.8.61,- anon
> # 136.199.8.61,-
> # not answering

Do you have a firewall of some sort somehow associated with this "jail" that allows only one (synthetic) UDP/IP "session" at a time? That would explain what you are seeing. The FreeBSD "jail" man pages talk about IP addresses, so it seems plausible that some kind of packet filtering or firewalling is involved.

http://www.google.com/search?q=jail%20freebsd%20firewall
finds problems that look similar to yours.

Judging from
http://docs.freebsd.org/44doc/papers/jail/jail.html
http://docs.freebsd.org/44doc/papers/jail/jail-4.html#section4
http://docs.freebsd.org/44doc/papers/jail/jail-5.html#section5
I suspect you have found bugs in FreeBSD jail code.

A lot of stuff sold as "security" is snake oil. Many other security mechanisms are not worthwhile. Good security does not involve doing whatever can be done, but consists of measured responses against coherent and specific threat models. What threat model requires running your MTA inside a jail?

Vernon Schryver    vjs@rhyolite.com