  #1  
Old 17th January 2012, 12:41
amsharma amsharma is offline
Junior Member
 
Join Date: Oct 2007
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default Unable to FTP out or use IMAP of domain webserver

Hello,

I had set up a Mailserver on a Fedora Core 6 system using the 'Installing A LAMP System With Fedora Core 6' HOWTO a long time back.

Our internal network users are unable to FTP to servers outside, nor are they able to check mail on the main domain web cum mail server using IMAP. It seems like all outgoing ports are blocked. I have not set up any firewall like iptables as given in the tutorial and am running the system at runlevel 5. Here is the output of iptables -L.

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I have set up Squid Proxy, which users use to browse the web using the default port 3128. Do I need to do something to allow internal network users to access ports in the outside world?

Thanks
Amal
  #2  
Old 18th January 2012, 13:25
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

I think you need to check your router configuration.
__________________
Falko
  #3  
Old 18th January 2012, 17:19
epretorious epretorious is offline
Member
 
Join Date: Feb 2010
Location: Truckee, CA
Posts: 33
Thanks: 3
Thanked 0 Times in 0 Posts
Question

Quote:
Originally Posted by amsharma View Post
I had set up a Mailserver on a Fedora Core 6 system using the 'Installing A LAMP System With Fedora Core 6' HOWTO a long time back.

Our internal network users are unable to FTP to servers outside... It seems like all outgoing ports are blocked.
By "internal network users" do you mean user accounts on the FC6 system or do you mean other host systems (i.e., computers) on the LAN? Are you using your "Mailserver" as a gateway?

Quote:
Originally Posted by amsharma View Post
Here is the output of iptables -L...
Please include the routing table (e.g., `netstat -r` or `/sbin/route -n`).

Quote:
Originally Posted by amsharma View Post
I have set up Squid Proxy, which users use to browse the web using the default port 3128.
Are you using your "Mailserver" as a proxy too?
__________________
Eric Pretorious,
Truckee, CA
  #4  
Old 18th January 2012, 17:59
amsharma amsharma is offline
Junior Member
 
Join Date: Oct 2007
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by epretorious View Post
By "internal network users" do you mean user accounts on the FC6 system or do you mean other host systems (i.e., computers) on the LAN? Are you using your "Mailserver" as a gateway?
Yes, my mailserver is being used as a gateway and a Proxy too.
Sorry, I should have given you more inputs:
FC6 IP on internal network: 192.9.200.40 - All Windows PCs are on this IP series.
IP connected to Modem: 192.168.1.2
Modem IP: 192.168.1.1

You are right, "internal network users" means Windows PCs inside the LAN. I am able to do everything from the FC6 machine (FTP, use IMAP, etc.) but not from any Windows machine on the LAN.

Quote:
Originally Posted by epretorious View Post
Please include the routing table (e.g., `netstat -r` or `/sbin/route -n`).
# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
192.9.200.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default gateway 0.0.0.0 UG 0 0 0 eth1

Quote:
Originally Posted by epretorious View Post
Are you using your "Mailserver" as a proxy too?
Yes

Falko, I will check the router, but I think it is some firewall issue as the FC6 machine is able to use FTP/IMAP to the outside world - sorry I didn't specify that earlier. Something to do with firewall or IP forwarding. iptables is ON for runlevel 3 but the machine is on 5. chkconfig for iptables returns:
# chkconfig --list iptables
iptables 0-off 1-off 2-on 3-on 4-on 5-off 6-off
  #5  
Old 18th January 2012, 19:47
epretorious epretorious is offline
Member
 
Join Date: Feb 2010
Location: Truckee, CA
Posts: 33
Thanks: 3
Thanked 0 Times in 0 Posts
Question

Step #1: Are hosts able to ping the IMAP server?

Quote:
Originally Posted by amsharma View Post
Our internal network users are unable to FTP to servers outside
Using iptables to enable passive FTP and masquerading requires additional modules. Have you read Chapter 14 of the Linux Home Networking HOWTO? In particular, I recommend reading Section 13 & Section 14.7. Are you sure that hosts are using this system as their default gateway? (What device is serving DHCP on the LAN?)

Quote:
Originally Posted by amsharma View Post
...nor are they able to check mail on the main domain web cum mail server using IMAP.
Please correct+clarify and include more detailed information (e.g., IP address of the IMAP server).
__________________
Eric Pretorious,
Truckee, CA
  #6  
Old 19th January 2012, 04:48
epretorious epretorious is offline
Member
 
Join Date: Feb 2010
Location: Truckee, CA
Posts: 33
Thanks: 3
Thanked 0 Times in 0 Posts
Exclamation

Quote:
Originally Posted by epretorious View Post
Using iptables to enable passive FTP and masquerading requires additional modules. Have you read Chapter 14 of the Linux Home Networking HOWTO? In particular, I recommend reading Section 13 & Section 14.7. Are you sure that hosts are using this system as their default gateway?
After thinking about this for a while, it occurred to me that this system can't possibly be functioning as the segment's gateway if the Netfilter chains are empty. That's when I realized that I hadn't read your original post completely...

Quote:
Originally Posted by amsharma View Post
Do I need to do something to allow internal network users to access ports in the outside world?
  1. You'll need to correctly configure your default gateway (i.e., 192.168.1.1).
  2. You'll need to follow the directions in Chapter 14 of the Linux Home Networking HOWTO.
__________________
Eric Pretorious,
Truckee, CA

Last edited by epretorious; 19th January 2012 at 04:57. Reason: Just realized that the author is specifically asking "Is there anything that I need to do..."
  #7  
Old 20th January 2012, 15:15
amsharma amsharma is offline
Junior Member
 
Join Date: Oct 2007
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hello epretorious,

Yes, you are right, I set up masquerading and it worked.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 192.9.200.1/24 -o eth1 -j MASQUERADE

But I am unable to understand how come after this setup also the iptables output seems to show empty. It's like in my first post. I will modify this to open ports selectively.

Thanks
Amal
  #8  
Old 20th January 2012, 15:25
amsharma amsharma is offline
Junior Member
 
Join Date: Oct 2007
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Eric,

Just for completeness' sake. None of the hosts in my internal network were able to access my domain IMAP server nor able to ping any host beyond the Linux server. I had set up the NAT modules to load earlier. The server was not allowing anything to pass through it from the internal network.

Thanks
Amal
  #9  
Old 24th January 2012, 04:40
epretorious epretorious is offline
Member
 
Join Date: Feb 2010
Location: Truckee, CA
Posts: 33
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by amsharma View Post
Yes, you are right, I set up masquerading and it worked.
Congratulations!

Quote:
Originally Posted by amsharma View Post
But I am unable to understand how come after this setup also the iptables output seems to show empty. It's like in my first post. I will modify this to open ports selectively.
I recommend reading Section 6 of Chapter 14 of the Linux Home Networking HOWTO, paying special attention to tables versus chains. Another helpful resource, the IPTABLES flowchart, seems to be missing from the HOWTO but can be found in David Baird's "Introduction to iptables".


Quote:
Originally Posted by amsharma View Post
Just for completeness' sake. None of the hosts in my internal network were able to access my domain IMAP server nor able to ping any host beyond the Linux server. I had set up the NAT modules to load earlier. The server was not allowing anything to pass through it from the internal network.
Does it work now, though?
__________________
Eric Pretorious,
Truckee, CA
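
Added example, not part of any post in this thread: `iptables -L` lists only the filter table, while the MASQUERADE rule from post #7 sits in the nat table and is listed by `iptables -t nat -L -n -v`. The script below prints an iptables-restore ruleset that keeps that NAT rule but replaces the blanket FORWARD ACCEPT with selected services; eth0 as the LAN interface is read from the routing table in post #4, and the function name and service list are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset:
# NAT for the LAN plus a FORWARD chain that only opens listed services.
# Also needed on the gateway: "sysctl net.ipv4.ip_forward" must print 1.

gateway_rules() {
    lan_net=$1 lan_if=$2 wan_if=$3
    shift 3
    # Validate every service spec first, so a typo never yields a
    # half-written ruleset.
    for spec in "$@"; do
        case $spec in
            tcp/[0-9]*|udp/[0-9]*) ;;
            *) echo "bad service spec: $spec" >&2; return 1 ;;
        esac
    done
    # *nat holds the MASQUERADE rule; "iptables -L" never shows this table.
    # *filter is what "iptables -L" prints. FORWARD defaults to DROP here;
    # INPUT/OUTPUT stay ACCEPT as in the thread (host hardening is separate).
    # RELATED lets FTP data connections through only when the FTP conntrack
    # and NAT helper modules are loaded.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for spec in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p ${spec%%/*} --dport ${spec##*/} -m state --state NEW -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# Constructed service list (assumption): FTP control, IMAP, IMAPS, DNS.
# Review the output, then pipe it into iptables-restore as root.
gateway_rules 192.9.200.0/24 eth0 eth1 tcp/21 tcp/143 tcp/993 udp/53
```

ICMP is not in the service list, so LAN hosts cannot ping through the gateway with this ruleset unless a rule for it is added.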