> Date: Mon, 17 Mar 2014 18:51:53 +0000
> > From: lf...@cruziero.com (akhiezer)
> > To: BLFS Support List <blfs-support@linuxfromscratch.org>
> > Subject: Re: [blfs-support] iptables again
> >
> >       .
> >       .
> > > > > Richard Melville wrote:
> > > > > > Maybe somebody has the answer to this -- it's only a minor point.
> > > > > >
> > > > > > > I've set up msmtp and s-nail on a blfs server; I can send email, and
> > > > > > > iptables is not blocking them but neither is it recording the packets
> > > > > > > passed.  When I had this issue before with a different service, changing
> > > > > > > sport to dport resolved it, but not this time.  I've set the ports to 25
> > > > > > > and I've also tried 587. Both work, but still no packets recorded.
> >
> >
> > > (D'you mean the 25/587 wrt msmtp config, or iptables config, or both?)
> >
> >
> > > > >
> > > > > What commands are you trying to run?
> > > > >
> > > > >    -- Bruce
> > > > >
> > > > >
> > > > I'm sending mail to a colleague via my gmail address with:-
> > > >
> > > > cat test.mail |  msmtp -a gmail collea...@company.co.uk
> >
> >
> > Can you set a command-line verbose flag for msmtp to report & log in more
> > detail what it's doing, just to double-check what port(s) it is actually
> > using in practice.
> >
> >
> > > >
> > > > where "gmail" is the name of my account in the .msmtprc file.
> > > >
> > > > > As I say, the mail delivery works fine with my colleague receiving the
> > > > > mail, and I get a copy in my gmail sent items.  However, iptables -nvL
> > > > > shows "0" in both the pkts and the bytes columns, as if nothing has been
> > > > > sent.  A minor point I know, but all my other traffic (ntp, http, dns, ssh)
> > > > > is recorded by iptables in those two columns.
> > > >
> > >
> > >
> > > Are you wanting to show incoming or outgoing traffic, or both, or what?
> > >
> >
> >
> > (OK, I guess from 'sent' that you mean outgoing traffic ... ).
> >
> >
> > > Does your firewall log the traffic for the relevant port numbers and
> > > for the relevant table (~== traffic-flow direction)?
> > >
> >
> >
> > ( s|table|table/chain| ).
> >
> >
> > > > Depending on what table you're wanting to see stats for, you might
> > > > need to use the '-t' flag for iptables to show the stats for the relevant
> > > > table. You might also find the '--line-numbers' flag useful - e.g. for
> > > > debugging. (And fwiw, I'd normally use the '-x' flag too).
> > >
> >
> >
> > (Long-shot: do try the '-x' - just on the outside chance that omitting
> > it is somehow rounding-down small-values to 0 ).
> >
> >
> > > > If the above don't resolve it, then probably good idea to post your
> > > > firewall file, plus the literal stats command line (if different from the
> > > > 'iptables -nvL' posted above).
> > >
> >
> >
> > Maybe worth also doing:
> > --
> > * log the stats immediately pre- test-message;
> > * send test email; perhaps also use/send known-size attachment;
> > * log the stats immediately post- test-message;
> > * diff the pre-/post- stats.
> > --
> > Account for the differences pre-/post-: what caused which traffic;
> > so ideally do the test when non-test network traffic is low/nil; and NB
> > of course that often firewalls are set to only log a subset of traffic
> > (e.g. don't log stuff beyond the first n instances in present connection)
> > - so the byte-amounts logged might be less than the amount sent in your
> > test-email.
> >
> >
> > > Overall, of course, it all depends on what firewall setup you've got in place.
> >
>
>
> Richard. Did you get this sorted ok?
>
>
> rgds,
> akh
>
>
Yes, sorry for not getting back to you and the others who suggested a
remedy, but I haven't had a chance yet to revisit iptables.  I've just
changed our ISP and I've also been grappling with adding IPv6 support to
the systems, which I'm sure will throw up all sorts of other issues :-(
 I'm hoping to have another look sometime this week and I'll report back.

I really appreciate your concern -- thanks for that.

Richard
-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
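
The pre-/post- counter comparison suggested in the quoted reply above, written out as an added example (not code from the thread or from the LFS project). It assumes the snapshots were saved from `iptables -nvxL OUTPUT --line-numbers`; the two snapshots, their rules and their counter values are constructed for illustration.

```python
import re

# Constructed snapshots of `iptables -nvxL OUTPUT --line-numbers` (not from the thread).
HEADER = """Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
"""
PRE = HEADER + """\
1         310    41200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2          18     1368 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
3           0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
"""
POST = HEADER + """\
1         338    47652 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2          19     1433 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
3           1       60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
"""

# num, pkts, bytes, then the rest of the rule; exact integers only (needs -x).
RULE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*\S)\s*$")

def parse(text):
    """Map (chain, rule number) -> (pkts, bytes, normalised rule text)."""
    rules, chain = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
        elif chain and line.lstrip()[:1].isdigit():
            m = RULE.match(line)
            if not m:  # e.g. "12K": abbreviated counters hide small changes
                raise ValueError("need exact counters (-x): " + line.strip())
            num, pkts, nbytes, rest = m.groups()
            rules[(chain, int(num))] = (int(pkts), int(nbytes), " ".join(rest.split()))
    return rules

def diff(pre, post):
    """Rules whose counters moved: (chain, num, d_pkts, d_bytes, rule)."""
    before, changed = parse(pre), []
    for key, (pkts, nbytes, rule) in sorted(parse(post).items()):
        p0, b0, rule0 = before.get(key, (0, 0, rule))
        if rule != rule0:  # rule numbers only line up if the ruleset is unchanged
            raise ValueError(f"ruleset changed between snapshots at {key}")
        if (pkts, nbytes) != (p0, b0):
            changed.append((*key, pkts - p0, nbytes - b0, rule))
    return changed

if __name__ == "__main__":
    for chain, num, d_pkts, d_bytes, rule in diff(PRE, POST):
        print(f"{chain} #{num}: +{d_pkts} pkts, +{d_bytes} bytes  {rule}")
```

In the constructed data the port-587 rule gains a single packet while the state rule above it gains the rest, so the diff shows which rule each part of the test traffic was counted against.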
