I'm pretty sure you're right, but I'll have to research how to do an NS lookup from the command line later.
I had to manually edit the pmfirewall.conf file, because when I had it set to automatically detect IPs, it would lock all ports. Same thing happens if I manually enter the IP for the nameserver ns.netriffic.net as OUTERIP and OUTERIP1. The firewall only works if I omit the nameserver IP from the top of the list.

So--what you say makes perfect sense if the nameservers aren't part of the equation. Strange, I haven't had this problem on the other box. I haven't tried placing the nameservers in a different order in the list. Maybe I should give that a try, but I think I need to change the firewall settings first--so it doesn't start from boot. Don't want to lock myself out.

OUTERIP=xxx.xxx.xxx.xxx
OUTERIP1= xxx.xxx.xxx.xxx
OUTERIP2= xxx.xxx.xxx.xxx
OUTERIP3= xxx.xxx.xxx.xxx
OUTERIP4= xxx.xxx.xxx.xxx
OUTERIP5= xxx.xxx.xxx.xxx
OUTERIP6= xxx.xxx.xxx.xxx
OUTERMASK=255.255.255.0
OUTERNET=$OUTERIP1/$OUTERMASK
OUTERNET2=$OUTERIP2/$OUTERMASK
OUTERNET3=$OUTERIP3/$OUTERMASK
OUTERNET4=$OUTERIP4/$OUTERMASK
OUTERNET5=$OUTERIP5/$OUTERMASK
OUTERNET6=$OUTERIP6/$OUTERMASK

I'll look for info on IPCHAINS and DNS. Any other suggestions?

Thanks,
Sean

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Network Manager
Sent: Monday, April 22, 2002 8:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail forwarding

Hi,

One word.. DNS.. is the mail server receiving mail at all or sending mail at all? .. Reason I ask is, if your default input policy is DENY then you need more than tcp/domain port to be open in order for DNS to function. If DNS does not function on the RaQ then mail will not work since you need a valid host name in order for mail to be received or sent. (It won't send because it can't look up the name you want to send it to. It won't receive because of anti-spam rules in the mail server).

Try telnetting to the server and doing an NS Lookup. If it succeeds then my theory is wrong. If it times out or fails outright then do a google for DNS issues with IPChains Firewalls (I can't remember what you need exactly for DNS to work but I think it's udp/domain)

Regards,
Michael Kovalik - Network Manager
Webdesign105.com Online Solutions

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sean Ward
Sent: Tuesday, 23 April 2002 10:02
To: [EMAIL PROTECTED]
Subject: [cobalt-security] pmfirewall , IPCHAINS, CDONTS and mail forwarding

I installed pmfirewall with this:

$IPCHAINS -A input -p tcp -s $REMOTENET -d $OUTERNET 25 -j ACCEPT

When pmfirewall is running, the mail won't forward

Any clues?

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
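
The DNS point raised in the thread above, as an added example that is not part of any message in the thread and not pmfirewall's own code: ipchains does not track connections, so under a default-DENY input policy the replies from each nameserver need their own ACCEPT rules. The function names and sample addresses are hypothetical, and the sketch assumes the host is only a resolver client and that the output chain already lets queries leave.

```shell
#!/bin/sh
# Added example: print (do not apply) ipchains input rules that let DNS
# replies through a default-DENY input chain. A reply comes from port 53
# on the nameserver to an unprivileged port on this host.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dns_reply_rules LOCAL_IP NAMESERVER...: one UDP and one TCP rule per
# nameserver. "! -y" refuses TCP SYNs, so only replies to connections
# this host opened are accepted; TCP carries answers too large for UDP.
dns_reply_rules() {
    local_ip=$1
    [ "$#" -gt 0 ] && shift
    is_ipv4 "$local_ip" || { echo "bad local address: $local_ip" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "no nameserver given" >&2; return 1; }
    # Validate everything first so a bad entry yields no partial rule set.
    for ns in "$@"; do
        is_ipv4 "$ns" || { echo "bad nameserver: $ns" >&2; return 1; }
    done
    for ns in "$@"; do
        echo "ipchains -A input -p udp -s $ns 53 -d $local_ip 1024:65535 -j ACCEPT"
        echo "ipchains -A input -p tcp ! -y -s $ns 53 -d $local_ip 1024:65535 -j ACCEPT"
    done
}

# Constructed sample addresses (documentation ranges), not from the thread.
dns_reply_rules 192.0.2.10 198.51.100.53 203.0.113.53
```

Review the printed rules before loading them, and place them ahead of any catch-all DENY rule in the input chain.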
