RE: [fw-wiz] Ipchains blocking Sendmail

From: Gautier . Rich (RGautier@drc.com)
Date: 09/17/02


From: "Gautier . Rich" <RGautier@drc.com>
To: "'csobre'" <csobre@bol.com.br>, <firewall-wizards@honor.icsalabs.com>
Date: Tue Sep 17 19:53:01 2002


External Interface should allow output to destination port 25, source
port any. I think you have it reversed there...

Rich Gautier
Dynamics Research Corp
Personal Website - http://rgautier.tripod.com
Attachment is Public Key for the sender: rgautier@drc.com

-----Original Message-----
From: csobre [mailto:csobre@bol.com.br]
Sent: Tuesday, September 17, 2002 1:51 PM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Ipchains blocking Sendmail

Hi,

I have a Linux machine connected to the internet and to an internal network.
I am running Sendmail and Ipchains.
I have the following rules for Ipchains on port 25:

   # SMTP server (25)
   # ----------------
   ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
            --source-port $UNPRIVPORTS \
            -d $IPADDR 25 -j ACCEPT

   ipchains -A input -i $LOCAL_INTERFACE_1 -p tcp \
            --source-port $UNPRIVPORTS \
            -d $LOCAL_IPADDR 25 -j ACCEPT

   ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
            -s $IPADDR 25 \
            --destination-port $UNPRIVPORTS -j ACCEPT

   ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
            -s $LOCAL_IPADDR 25 \
            --destination-port $UNPRIVPORTS -j ACCEPT

The only other ports I also ACCEPT are 53 and 113.

I can send and receive mail inside my network, but can't receive or send
E-mail to the internet.
After examining the Messages log there are many lines with (Connection
refused by server) when sendmail tries to connect to smtp servers on the
internet.

What am I missing here?

Thanks in advance.
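
Added example, not part of either poster's message: the external-interface rules from the question (server role) beside the pair that the reply says is missing (client role, output to destination port 25). The interface and address values are constructed placeholders, `ANYWHERE` and the function names are hypothetical, and the client source port is narrowed from "any" to the poster's `$UNPRIVPORTS` range.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not installed.
# Set IPCHAINS=ipchains (as root, on an ipchains kernel) to apply them.
IPCHAINS="${IPCHAINS:-echo ipchains}"

# Constructed placeholder values; the variable names are the poster's.
EXTERNAL_INTERFACE="eth0"
IPADDR="192.0.2.10"
UNPRIVPORTS="1024:65535"
ANYWHERE="0.0.0.0/0"   # hypothetical helper variable, not in the post

# Server role (already in the post): remote clients connect to our port 25.
smtp_server_rules() {
    $IPCHAINS -A input -i "$EXTERNAL_INTERFACE" -p tcp \
        --source-port "$UNPRIVPORTS" \
        -d "$IPADDR" 25 -j ACCEPT
    $IPCHAINS -A output -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
        -s "$IPADDR" 25 \
        --destination-port "$UNPRIVPORTS" -j ACCEPT
}

# Client role (missing from the post): sendmail connects out to remote port 25.
smtp_client_rules() {
    # Outgoing packets, SYN included: local high port -> remote port 25.
    $IPCHAINS -A output -i "$EXTERNAL_INTERFACE" -p tcp \
        -s "$IPADDR" "$UNPRIVPORTS" \
        -d "$ANYWHERE" 25 -j ACCEPT
    # Replies only: "! -y" does not match connection-opening SYNs, so this
    # rule cannot admit new inbound connections from a remote port 25.
    $IPCHAINS -A input -i "$EXTERNAL_INTERFACE" -p tcp ! -y \
        -s "$ANYWHERE" 25 \
        -d "$IPADDR" "$UNPRIVPORTS" -j ACCEPT
}

smtp_server_rules
smtp_client_rules
```

ipchains is stateless, so each direction of each role needs its own rule; the question's rules cover only packets to and from the local port 25.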

 