HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


davidg 14th August 2005 11:02

Firewall problem
 
I can telnet from localhost to port 25, but not from a remote computer. Also I can telnet on port 110 local and remote no problem. My server is behind a router, but the server is in a DMZ so I do not think that is blocking. Also if I restart the server I have to manually start the firewall from the ISPConfig control panel. Thanks for your help.

I believe it's a firewall issue. Here is the output from iptables -L:

Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (9 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:http
PAROLE tcp -- anywhere anywhere tcp dpt:81
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:10000
ACCEPT udp -- anywhere anywhere udp dpt:domain
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
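
Added example, not part of the original posts: plain `iptables -L` does not print the in/out interface columns, so rules such as the third INPUT rule above read as match-everything. The Python code below parses an excerpt of the posted listing and flags those rules; the function names are hypothetical, and the idea that the flagged rules carry an interface match is an assumption to confirm with `-v`.

```python
import re

# Excerpt of the `iptables -L` listing posted above (INPUT and PUB_IN, abridged).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_IN (3 references)
target prot opt source destination
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
DROP all -- anywhere anywhere
"""

def parse_chains(text):
    """Return {chain: [(target, prot, source, dest, extra), ...]}."""
    chains, rules = {}, None
    for line in text.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            rules = chains.setdefault(header.group(1), [])
        elif rules is not None and line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.split()
            rules.append((target, prot, src, dst, " ".join(extra)))
    return chains

def hidden_match_suspects(chains):
    """List (chain, position, target) for rules that print as match-everything
    yet are not the last rule of their chain. Plain `iptables -L` omits the
    in/out interface columns, so these probably carry an -i/-o match; confirm
    with `iptables -L -n -v` before reading the rule set as a packet would."""
    suspects = []
    for chain, rules in chains.items():
        for pos, (target, prot, src, dst, extra) in enumerate(rules[:-1], 1):
            if (prot, src, dst, extra) == ("all", "anywhere", "anywhere", ""):
                suspects.append((chain, pos, target))
    return suspects

if __name__ == "__main__":
    for chain, pos, target in hidden_match_suspects(parse_chains(LISTING)):
        print(f"{chain} rule {pos}: unconditional {target}; re-check with -v")
```

On the posted listing this flags INPUT rule 3 and the three identical PUB_IN jumps, which is why the rule set cannot be judged for port 25 from the `-L` output alone.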

till 14th August 2005 12:24

Quote:

Originally Posted by davidg
I can telnet from localhost to port 25, but not from a remote computer. Also I can telnet on port 110 local and remote no problem. My server is behind a router, but the server is in a DMZ so I do not think that is blocking. Also if I restart the server I have to manually start the firewall from the ISPConfig control panel. Thanks for your help.

The iptables output looks fine so far.

If you stop the ISPConfig firewall by executing

Code:

./bastille_firewall stop
in your init script directory, can you then reach port 25 from a remote computer?

davidg 14th August 2005 13:14

I stopped the firewall and could not log in through telnet on port 25 from a remote computer. Maybe it's Postfix not working.

Thank you for your help.

till 14th August 2005 14:09

Quote:

Originally Posted by davidg
I stopped the firewall and could not log in through telnet on port 25 from a remote computer. Maybe it's Postfix not working.

Thank you for your help.

Have you configured Postfix to listen on all network interfaces?

Execute:

Code:

postconf -e 'inet_interfaces = all'
Then restart Postfix:

Code:

/etc/init.d/postfix restart

davidg 14th August 2005 14:15

Yes, Postfix is configured to listen on all interfaces.
I restarted the server.
This worked before, but I bet my provider is blocking port 25 now. I will find out on Monday if they are blocking port 25.

Thanks for your help.

