[fw-wiz] Ipchains blocking Sendmail

From: csobre (csobre@bol.com.br)
Date: 09/17/02

From: "csobre" <csobre@bol.com.br>
To: firewall-wizards@honor.icsalabs.com
Date: Tue Sep 17 13:54:01 2002


I have a linux machine connected to
the internet and to an internal network.
I am running Sendmail and Ipchains.
I have the following rules for
Ipchains on port 25:

   # SMTP server (25)
   # ----------------
   ipchains -A input -i
            --source-port $UNPRIVPORTS \
            -d $IPADDR 25 -j ACCEPT

   ipchains -A input -i
            --source-port $UNPRIVPORTS \
            -d $LOCAL_IPADDR 25 -j ACCEPT

   ipchains -A output -i
            -s $IPADDR 25 \

   ipchains -A output -i
            -s $LOCAL_IPADDR 25 \

The only other ports I also ACCEPT are
53 and 113.

I can send and receive mail inside my
network, but can´t receive or send
E-mail to the internet.
After examining the Messages log there
are many lines with (Connection
refused by server) when sendmail tries
to connect to smtp servers on the

What am I missing here?

Thanks in advance.

AcessoBOL, só R$ 9,90! O menor preço do mercado!
Assine já! http://www.bol.com.br/acessobol

Relevant Pages

  • Re: Intermittent Firewall 15108 Events on SBS2003/ISA2004
    ... This newsgroup only focuses on SBS technical issues. ... of |> the internal network object). ... If the ISA server receives a package with an |> internal IP as source address from the external port, the package would be |> treated as a spoof attack. ... |> 825763 How to configure Internet access in Windows Small Business ...
  • Re: How to get through iptables/NAT, reality and risk calculation
    ... there have been no security issues with the ... # the external interface, and/or the internal one on all ports but 22 tcp ... # so the firewall itself can't talk to anything but the internal network over ... >> accepting traffic from the internet part of an existing connection (with ...
  • 192.168.x.x oddities
    ... and unrouteable on the Internet. ... from within the internal network. ... Ethical Hacking at the InfoSec Institute. ... Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. ...
  • Re: Hyper-V, RAAS woes. . . Please help
    ... From the host I am able to ping www.news.com. ... Can you ping the host's static public IP from the guest? ... > My Hyper-V Guests cannot traverse through NAT to gain internet access. ... Pointed internet network to the internal network ...
  • Re: new to ISA, but not firewalls
    ... the internal network in a direct way, and this is of the things that ISA2004 ... internet and the internal network, however i don't a know why any one would ... Remember if ISA LAT is empty, ... >> include the internal interface IP. ...