#11
9th February 2006, 00:49
Tekorei

Here it is..


Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:17190
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- 216.55.240.44 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- 172.16.128.62 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Last edited by Tekorei; 9th February 2006 at 01:10.

#12
9th February 2006, 11:12
falko

Quote:
Originally Posted by Tekorei
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:domain

I guess this is the line that causes your problem... Can you remove it from your firewall (at least remove 192.168.0.1 so that it reads "anywhere" instead)?

#13
9th February 2006, 18:03
Tekorei

Quote:
Originally Posted by falko
I guess this is the line that causes your problem... Can you remove it from your firewall (at least remove 192.168.0.1 so that it reads "anywhere" instead)?

OK, I did it.. and got the same problem.

Quote:
Feb 9 16:55:48 myserver postfix/smtp[13521]: 9D951A87EC: to=<recipient@gmail.com>, relay=none, delay=56, status=deferred (Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)

This is how iptables is configured now..

Quote:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:17190
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- 216.55.240.44 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- 172.16.128.62 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

#14
9th February 2006, 21:02
falko

Then I'd switch off the firewall and re-configure it step by step until the domain resolving doesn't work anymore. If you are at this step, then you know it was the last firewall rule you added. Remove that rule, and you should be fine.
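
The step-by-step procedure falko describes above can be scripted. This is an added example, not code from the thread: it assumes the firewall steps are saved one complete iptables command per line in a text file, and that `host -t MX gmail.com` (the lookup that fails in the posted log line) is an adequate resolution check. `find_breaking_step`, `APPLY` and `PROBE` are names introduced here.

```shell
#!/bin/sh
# Added example: replay firewall steps one at a time and stop at the first
# step after which name resolution fails.
# Assumptions (not from the thread): steps come from a text file with one
# complete iptables command per line; APPLY and PROBE can be overridden.

# Command used to run one step. Default: execute the line as written (root).
: "${APPLY:=sh -c}"
# Command used to check resolution. Default: the MX lookup from the log line.
: "${PROBE:=host -t MX gmail.com}"

# find_breaking_step FILE
#   returns 0, prints nothing : every step left resolution working
#   returns 1, prints "N: cmd": step N is the first one that broke it
#   returns 2                 : resolution was already broken before step 1
#   returns 3                 : a step could not be applied
find_breaking_step() {
    steps_file=$1
    n=0
    if ! $PROBE >/dev/null 2>&1; then
        echo "probe fails before any step is applied" >&2
        return 2
    fi
    # Steps are read on fd 3 so a step that reads stdin cannot eat the list.
    while IFS= read -r step <&3; do
        case $step in ''|'#'*) continue ;; esac   # skip blanks and comments
        n=$((n + 1))
        $APPLY "$step" || { echo "step $n did not apply: $step" >&2; return 3; }
        if ! $PROBE >/dev/null 2>&1; then
            echo "$n: $step"
            return 1
        fi
    done 3<"$steps_file"
    return 0
}
```

Put the policy changes (for example the line that sets `INPUT` to `DROP`) in the steps file as well, since with an `ACCEPT` policy no single `ACCEPT` rule can break resolution. A return code of 2 means the firewall on this host is not the cause.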

#15
17th February 2006, 02:48
Tekorei

falko,

Is there any PREROUTING or POSTROUTING rule that I should add to my iptables to allow my LAN to send outgoing mails?

For now my server does send outgoing mails, but I can't access any external host on port 25 or 110 through my LAN.. or the server itself on port 25/110.

this is my current iptables -L:

Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp spt:smtp
ACCEPT     udp  --  anywhere             host33-10.wireless.com.py udp dpt:domain
ACCEPT     udp  --  host33-10.wireless.com.py  host33-10.wireless.com.py udp spt:domain
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp spt:domain
ACCEPT     tcp  --  192.168.0.0/24       anywhere            tcp dpt:ssh
ACCEPT     tcp  --  192.168.0.0/24       anywhere            tcp spt:ssh
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py tcp dpt:smtp
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py tcp spt:smtp
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py tcp dpt:pop3
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py tcp dpt:http
ACCEPT     udp  --  anywhere             host33-10.wireless.com.py udp dpt:domain
ACCEPT     udp  --  host33-10.wireless.com.py  host33-10.wireless.com.py udp spt:domain
ACCEPT     udp  --  inet2.telecel.com.py  host33-10.wireless.com.py udp spt:domain
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp spt:domain
ACCEPT     tcp  --  inet2.telecel.com.py  host33-10.wireless.com.py tcp spt:domain
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp spt:pop3
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py tcp spt:smtp
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py tcp spt:ftp
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py tcp spt:ftp-data
ACCEPT     tcp  --  anywhere             host33-10.wireless.com.py
ACCEPT     all  --  192.168.0.0/24       anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp dpt:smtp
ACCEPT     udp  --  host33-10.wireless.com.py  anywhere            udp spt:domain
ACCEPT     udp  --  host33-10.wireless.com.py  host33-10.wireless.com.py udp dpt:domain
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp dpt:domain
ACCEPT     tcp  --  anywhere             192.168.0.0/24      tcp dpt:ssh
ACCEPT     tcp  --  anywhere             192.168.0.0/24      tcp spt:ssh
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere            tcp spt:smtp
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere            tcp dpt:smtp
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere            tcp spt:pop3
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere            tcp spt:http
ACCEPT     udp  --  host33-10.wireless.com.py  anywhere            udp spt:domain
ACCEPT     udp  --  host33-10.wireless.com.py  host33-10.wireless.com.py udp dpt:domain
ACCEPT     udp  --  host33-10.wireless.com.py  inet2.telecel.com.py udp dpt:domain
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp dpt:domain
ACCEPT     tcp  --  host33-10.wireless.com.py  inet2.telecel.com.py tcp dpt:domain
ACCEPT     tcp  --  host33-10.wireless.com.py  host33-10.wireless.com.py tcp dpt:pop3
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere            tcp dpt:smtp
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere            tcp dpt:ftp
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  host33-10.wireless.com.py  anywhere
ACCEPT     all  --  anywhere             192.168.0.0/24

host33-10.wireless.com.py = my server's host (given by the ISP)
inet2.telecel.com.py = ISP DNS host

#16
17th February 2006, 10:07
falko

Hm... I'd simply switch off the complete firewall and then do as I suggested in my previous post. iptables is a very complex topic.

#17
17th February 2006, 19:11
Tekorei

I already did that.. and it's not working anyway..

The point is that I had also set the firewall to accept all connections on all ports, and even so it didn't work.. I can't access any host on port 110 or 25.

That's why I think there should be some PREROUTING or POSTROUTING line to make it work..

#18
20th February 2006, 20:27
Tekorei

falko

I apologize.. the problem was on my client host.. I had a Symantec client firewall running that was blocking ports 25 and 110.

The solution was to add my ISP's mailserver and also my internal mailserver as trusted servers in my firewall program..

All times are GMT +2.