Firewall problem

Discussion in 'Installation/Configuration' started by davidg, Aug 14, 2005.

  1. davidg

    davidg New Member

    I can telnet from localhost to port 25, but not from a remote computer. Also, I can telnet on port 110 locally and remotely with no problem. My server is behind a router, but the server is in a DMZ, so I do not think that is blocking. Also, if I restart the server I have to manually start the firewall from the ISPConfig control panel. Thanks for your help.

    I believe it's a firewall issue. Here is the output from iptables -L:

    Chain INPUT (policy DROP)
    target prot opt source destination
    DROP tcp -- anywhere 127.0.0.0/8
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    PUB_IN all -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    DROP all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere
    PUB_OUT all -- anywhere anywhere

    Chain INT_IN (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain INT_OUT (0 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere
    ACCEPT all -- anywhere anywhere

    Chain PAROLE (9 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain PUB_IN (3 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere icmp echo-reply
    ACCEPT icmp -- anywhere anywhere icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    PAROLE tcp -- anywhere anywhere tcp dpt:ftp
    PAROLE tcp -- anywhere anywhere tcp dpt:ssh
    PAROLE tcp -- anywhere anywhere tcp dpt:smtp
    PAROLE tcp -- anywhere anywhere tcp dpt:domain
    PAROLE tcp -- anywhere anywhere tcp dpt:http
    PAROLE tcp -- anywhere anywhere tcp dpt:81
    PAROLE tcp -- anywhere anywhere tcp dpt:pop3
    PAROLE tcp -- anywhere anywhere tcp dpt:https
    PAROLE tcp -- anywhere anywhere tcp dpt:10000
    ACCEPT udp -- anywhere anywhere udp dpt:domain
    DROP icmp -- anywhere anywhere
    DROP all -- anywhere anywhere

    Chain PUB_OUT (3 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
     
  2. till

    till Super Moderator

    The iptables output looks fine so far.

    If you stop the ISPConfig firewall by executing

    Code:
    ./bastille_firewall stop
    in your init script directory, can you then reach port 25 from a remote computer?
     
  3. davidg

    davidg New Member

    I stopped the firewall and could not log in through telnet on port 25 from a remote computer. Maybe it's Postfix not working.

    Thank you for your help.
     
  4. till

    till Super Moderator

    Have you configured postfix to listen on all network interfaces?

    Execute:

    Code:
    postconf -e 'inet_interfaces = all'
    then restart postfix:

    Code:
    /etc/init.d/postfix restart
     
  5. davidg

    davidg New Member

    Yes, postfix is configured to listen on all interfaces.
    I restarted the server.
    This worked before, but I bet my provider is blocking port 25 now. I will find out on Monday if they are blocking port 25.

    Thanks for your help.
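
Added example (not part of the thread, and not ISPConfig or Bastille code): a small tracer that walks a new inbound TCP connection through the `iptables -L` text from the first post, trimmed here as a constructed sample. The function names are hypothetical, it handles only ACCEPT, DROP and user-chain jumps, and it assumes that a match-all verdict which is not the last rule of its chain carries a condition plain `-L` does not print (interfaces appear only with `-v`).

```python
# Constructed sample: trimmed from the `iptables -L` listing in the first post.
LISTING = """\
Chain INPUT (policy DROP)
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain PAROLE (9 references)
ACCEPT all -- anywhere anywhere
Chain PUB_IN (3 references)
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
DROP all -- anywhere anywhere
"""

def parse(text):
    chains, cur = {}, None
    for f in (line.split() for line in text.splitlines()):
        if f and f[0] == "Chain":
            cur = chains.setdefault(f[1], [])
        elif f and f[0] != "target":  # skip blank lines and column headers
            cur.append(dict(target=f[0], prot=f[1], src=f[3], dst=f[4], extra=f[5:]))
    return chains

def matches(rule, dport):
    # Assumed packet: NEW TCP connection from a remote host to the server's own address.
    if rule["prot"] not in ("all", "tcp") or {rule["src"], rule["dst"]} != {"anywhere"}:
        return False
    ex = rule["extra"]  # a "state RELATED,ESTABLISHED" match never fits a NEW packet
    return not ex or ex[:2] == ["tcp", "dpt:" + dport]

def trace(chains, dport, chain="INPUT", seen=None):
    seen = {"path": [], "hidden": []} if seen is None else seen
    seen["path"].append(chain)
    for i, r in enumerate(chains[chain], 1):
        if not matches(r, dport):
            continue
        if r["target"] not in ("ACCEPT", "DROP"):  # jump into a user chain
            verdict = trace(chains, dport, r["target"], seen)[0]
            if verdict:
                return verdict, seen
        elif r["prot"] == "all" and not r["extra"] and i < len(chains[chain]):
            # Match-all verdict that is not last in its chain: -L hides a condition.
            seen["hidden"].append(f"{chain} rule {i}")
        else:
            return r["target"], seen
    return None, seen  # fell off the end: the chain policy decides

if __name__ == "__main__":
    print(trace(parse(LISTING), "smtp"))
```

For `smtp` the trace ends in ACCEPT via INPUT, PUB_IN and PAROLE, which fits the port staying unreachable after the firewall was stopped. `iptables -L -v -n` prints the in/out interface columns that plain `-L` omits for the flagged INPUT rule 3.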
     
