[fw-wiz] Ipchains blocking Sendmail

From: csobre (csobre@bol.com.br)
Date: 09/17/02


From: "csobre" <csobre@bol.com.br>
To: firewall-wizards@honor.icsalabs.com
Date: Tue Sep 17 13:54:01 2002

Hi,

I have a linux machine connected to
the internet and to an internal network.
I am running Sendmail and Ipchains.
I have the following rules for
Ipchains on port 25:

   # SMTP server (25)
   # ----------------
   ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
            --source-port $UNPRIVPORTS \
            -d $IPADDR 25 -j ACCEPT

   ipchains -A input -i $LOCAL_INTERFACE_1 -p tcp \
            --source-port $UNPRIVPORTS \
            -d $LOCAL_IPADDR 25 -j ACCEPT

   ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
            -s $IPADDR 25 \
            --destination-port $UNPRIVPORTS -j ACCEPT

   ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
            -s $LOCAL_IPADDR 25 \
            --destination-port $UNPRIVPORTS -j ACCEPT

The only other ports I also ACCEPT are
53 and 113.

I can send and receive mail inside my
network, but can't receive or send
e-mail to the internet.
After examining the Messages log there
are many lines with (Connection
refused by server) when sendmail tries
to connect to smtp servers on the
internet.

What am I missing here?

Thanks in advance.
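
Added example, not part of the original post: a small Python model of the four port-25 rules quoted above, evaluated against sample packets on the external interface. It assumes $UNPRIVPORTS is 1024:65535 and that a packet matching no listed rule falls to a non-ACCEPT chain policy; the remote address, the port 40000 and the names `Packet`, `RULES`, `verdict` and `SAMPLES` are constructed for illustration.

```python
from dataclasses import dataclass

UNPRIV = range(1024, 65536)  # assumed value of $UNPRIVPORTS (1024:65535)
ANY = None

@dataclass(frozen=True)
class Packet:
    chain: str   # "input" or "output"
    iface: str   # "ext" = $EXTERNAL_INTERFACE, "lan" = $LOCAL_INTERFACE_1
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool    # True for the connection-opening SYN (what -y matches)

# The four port-25 rules from the post:
# (chain, iface, src, sport, dst, dport, syn); syn=False models "! -y".
RULES = [
    ("input",  "ext", ANY, UNPRIV, "IPADDR", 25, ANY),
    ("input",  "lan", ANY, UNPRIV, "LOCAL_IPADDR", 25, ANY),
    ("output", "ext", "IPADDR", 25, ANY, UNPRIV, False),
    ("output", "ext", "LOCAL_IPADDR", 25, ANY, UNPRIV, False),
]

def _match(spec, value):
    if spec is ANY:
        return True
    if isinstance(spec, range):
        return value in spec
    return spec == value

def verdict(pkt):
    """Return 'ACCEPT' if a listed rule matches, else 'NO MATCH' (chain policy applies)."""
    fields = (pkt.chain, pkt.iface, pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.syn)
    for rule in RULES:
        if all(_match(s, v) for s, v in zip(rule, fields)):
            return "ACCEPT"
    return "NO MATCH"

REMOTE = "192.0.2.10"  # constructed remote MTA (documentation address)
SAMPLES = {
    "inbound SYN to local port 25":   Packet("input", "ext", REMOTE, 40000, "IPADDR", 25, True),
    "server reply to remote client":  Packet("output", "ext", "IPADDR", 25, REMOTE, 40000, False),
    "sendmail SYN to remote port 25": Packet("output", "ext", "IPADDR", 40000, REMOTE, 25, True),
    "remote server's SYN/ACK reply":  Packet("input", "ext", REMOTE, 25, "IPADDR", 40000, False),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:32} {verdict(pkt)}")
```

The two server-side packets match the listed rules; the two packets of a connection that sendmail opens to a remote port 25 match none of them.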

 