I just tried swapping the ports on INPUT and OUTPUT, and it's no better :( So here is my whole config:

First, iptables-save gives me this:

# Generated by iptables-save v1.2.7a on Fri Apr 4 01:03:20 2003
*filter
:INPUT DROP [2:156]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 25 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o ppp0 -p tcp -m tcp --sport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Apr 4 01:03:20 2003
# Generated by iptables-save v1.2.7a on Fri Apr 4 01:03:20 2003
*nat
:PREROUTING ACCEPT [69:7453]
:POSTROUTING ACCEPT [9:519]
:OUTPUT ACCEPT [33:1791]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Fri Apr 4 01:03:20 2003
# Generated by iptables-save v1.2.7a on Fri Apr 4 01:03:20 2003
*mangle
:PREROUTING ACCEPT [11798:3358141]
:INPUT ACCEPT [10974:3300935]
:FORWARD ACCEPT [824:57206]
:OUTPUT ACCEPT [10935:4638056]
:POSTROUTING ACCEPT [11735:4693990]
COMMIT
# Completed on Fri Apr 4 01:03:20 2003

Then I opened all the ports:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT

And I sniffed my ppp0 connection with tcpdump for the time it took to send a mail; the result is below:

-> Question: what is the "domain" in 212.27.32.176.domain, and what is this port 33055??
-> Does this shed any light on the cause of my problem?

00:58:30.643515 81.56.211.247.33055 > 212.27.32.176.domain: 46219+ MX? free.fr. (25) (DF)
00:58:30.706593 212.27.32.176.domain > 81.56.211.247.33055: 46219* 9/2/14 MX mrelay3-2.free.fr. 50,[|domain] (DF)
00:58:30.707398 81.56.211.247.33055 > 212.27.32.176.domain: 46220+ A? mx.free.fr. (28) (DF)
00:58:30.768073 212.27.32.176.domain > 81.56.211.247.33055: 46220* 7/2/2 A 213.228.0.1,[|domain] (DF)
00:58:30.768633 81.56.211.247.33055 > 212.27.32.176.domain: 46221+ A? mrelay2-1.free.fr. (35) (DF)
00:58:30.827060 212.27.32.176.domain > 81.56.211.247.33055: 46221* 1/2/2 A 213.228.0.13 (129) (DF)
00:58:30.827558 81.56.211.247.33055 > 212.27.32.176.domain: 46222+ A? mrelay2-2.free.fr. (35) (DF)
00:58:30.886810 212.27.32.176.domain > 81.56.211.247.33055: 46222* 1/2/2 A 213.228.0.131 (129) (DF)
00:58:30.887318 81.56.211.247.33055 > 212.27.32.176.domain: 46223+ A? mx1-1.free.fr. (31) (DF)
00:58:30.949990 212.27.32.176.domain > 81.56.211.247.33055: 46223* 1/2/2 A 213.228.0.65 (125) (DF)
00:58:30.950473 81.56.211.247.33055 > 212.27.32.176.domain: 46224+ A? mrelay3-2.free.fr. (35) (DF)
00:58:31.011810 212.27.32.176.domain > 81.56.211.247.33055: 46224* 1/2/2 A 213.228.0.166 (129) (DF)
00:58:31.012297 81.56.211.247.33055 > 212.27.32.176.domain: 46225+ A? mrelay4-2.free.fr. (35) (DF)
00:58:31.072945 212.27.32.176.domain > 81.56.211.247.33055: 46225* 1/2/2 A 213.228.0.175 (129) (DF)
00:58:31.073430 81.56.211.247.33055 > 212.27.32.176.domain: 46226+ A? mrelay1-1.free.fr. (35) (DF)
00:58:31.132704 212.27.32.176.domain > 81.56.211.247.33055: 46226* 1/2/2 A 213.228.0.1 (129) (DF)
00:58:31.133179 81.56.211.247.33055 > 212.27.32.176.domain: 46227+ A? mrelay1-2.free.fr. (35) (DF)
00:58:31.192453 212.27.32.176.domain > 81.56.211.247.33055: 46227* 1/2/2 A 213.228.0.129 (129) (DF)
00:58:31.192939 81.56.211.247.33055 > 212.27.32.176.domain: 46228+ A? ns1.proxad.net. (32) (DF)
00:58:31.251505 212.27.32.176.domain > 81.56.211.247.33055: 46228* 1/2/2 A 212.27.32.130 (112) (DF)
00:58:31.251952 81.56.211.247.32819 > 213.228.0.175.smtp: S 741887251:741887251(0) win 5808 <mss 1452,sackOK,timestamp 2521513 0,nop,wscale 0> (DF)
00:58:31.309820 213.228.0.175.smtp > 81.56.211.247.32819: S 1140293823:1140293823(0) ack 741887252 win 5792 <mss 1412,sackOK,timestamp 1403596052 2521513,nop,wscale 0> (DF)
00:58:31.309896 81.56.211.247.32819 > 213.228.0.175.smtp: . ack 1 win 5808 <nop,nop,timestamp 2521519 1403596052> (DF)
00:58:31.375071 213.228.0.175.smtp > 81.56.211.247.32819: P 1:30(29) ack 1 win 5792 <nop,nop,timestamp 1403596058 2521519> (DF)
00:58:31.375119 81.56.211.247.32819 > 213.228.0.175.smtp: . ack 30 win 5808 <nop,nop,timestamp 2521525 1403596058> (DF)
00:58:31.375514 81.56.211.247.32819 > 213.228.0.175.smtp: P 1:24(23) ack 30 win 5808 <nop,nop,timestamp 2521525 1403596058> (DF)
00:58:31.439611 213.228.0.175.smtp > 81.56.211.247.32819: . ack 24 win 5792 <nop,nop,timestamp 1403596065 2521525> (DF)
00:58:31.443771 213.228.0.175.smtp > 81.56.211.247.32819: P 30:83(53) ack 24 win 5792 <nop,nop,timestamp 1403596065 2521525> (DF)
00:58:31.443961 81.56.211.247.32819 > 213.228.0.175.smtp: P 24:86(62) ack 83 win 5808 <nop,nop,timestamp 2521532 1403596065> (DF)
00:58:31.509681 213.228.0.175.smtp > 81.56.211.247.32819: P 83:113(30) ack 86 win 5792 <nop,nop,timestamp 1403596072 2521532> (DF)
00:58:31.509998 81.56.211.247.32819 > 213.228.0.175.smtp: P 86:395(309) ack 113 win 5808 <nop,nop,timestamp 2521539 1403596072> (DF)
00:58:31.587987 213.228.0.175.smtp > 81.56.211.247.32819: P 113:141(28) ack 395 win 6432 <nop,nop,timestamp 1403596080 2521539> (DF)
00:58:31.588405 81.56.211.247.32819 > 213.228.0.175.smtp: F 395:395(0) ack 141 win 5808 <nop,nop,timestamp 2521547 1403596080> (DF)
00:58:31.591448 213.228.0.175.smtp > 81.56.211.247.32819: FP 141:164(23) ack 395 win 6432 <nop,nop,timestamp 1403596080 2521539> (DF)
00:58:31.591554 81.56.211.247.32819 > 213.228.0.175.smtp: R 741887646:741887646(0) win 0 (DF)
00:58:31.642904 213.228.0.175.smtp > 81.56.211.247.32819: . ack 396 win 6432 <nop,nop,timestamp 1403596085 2521547> (DF)
00:58:31.642940 81.56.211.247.32819 > 213.228.0.175.smtp: R 741887647:741887647(0) win 0 (DF)

Thanks for your help.

On Thursday 3 April 2003 21:39, Pierre BETOUIN wrote:
> Sorry, typo (copy/paste), replace the -i with -o for the
> OUTPUT...
>
> What was wrong in your previous script is that you had swapped
> --source-port and --destination-port...
>
> What comes into the firewall, and what has to be allowed (in INPUT),
> is the --destination-port 25 traffic (to your smtp); you had put
> the opposite...
> And what leaves the FW (so, from the smtp server to the client) is sent
> by your smtp, so from port 25, hence the --source-port 25...
>
> There you go. Have a good evening.
>
> Pierre
>
> On Thu 03/04/2003 at 16:06, clocard wrote:
> > hi,
> >
> > On Thursday 3 April 2003 14:37, Pierre BETOUIN wrote:
> > > iptables -A INPUT -i ppp0 --protocol tcp --destination-port 25 -j ACCEPT
> > > # Packets come in on 25...
> > >
> > > iptables -A OUTPUT -i ppp0 --protocol tcp --source-port 25 -j ACCEPT
> > > # Packets go out through 25...
> >
> > But we have already had this suggestion:
> > > iptables -A OUTPUT -o ppp0 --protocol tcp --source-port 25 -j ACCEPT
> >
> > As man iptables says:
> >
> > -i, --in-interface [!] name
> >        Name of an interface via which a packet is going to be received
> >        (only for packets entering the INPUT, FORWARD and PREROUTING
> >        chains). When the "!" argument is used before the interface
> >        name, the sense is inverted. If the interface name ends in a
> >        "+", then any interface which begins with this name will match.
> >        If this option is omitted, any interface name will match.
> >
> > -o, --out-interface [!] name
> >        Name of an interface via which a packet is going to be sent (for
> >        packets entering the FORWARD, OUTPUT and POSTROUTING chains).
> >        When the "!" argument is used before the interface name, the
> >        sense is inverted. If the interface name ends in a "+", then
> >        any interface which begins with this name will match. If this
> >        option is omitted, any interface name will match.
> >
> > so are you sure about your -i option for your outgoing interface? And if so,
> > then I would like to understand the difference ...
> >
> > XB.
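
Added example, not part of the thread: a small Python model that replays four packets from the capture above against the ppp0 rules in the posted iptables-save. In tcpdump output "domain" is the /etc/services name for port 53 (DNS) and 33055 is an ephemeral source port picked by the resolver. Assumptions: 81.56.211.247 is the ppp0 address, the traffic originates on the firewall itself, connection tracking is reduced to "first packet of a flow is NEW", and the CLIENT rule set is hypothetical.

```python
import re

# Four packets from the capture in the post (TCP options trimmed).
CAPTURE = """\
00:58:30.643515 81.56.211.247.33055 > 212.27.32.176.domain: 46219+ MX? free.fr. (25) (DF)
00:58:30.706593 212.27.32.176.domain > 81.56.211.247.33055: 46219* 9/2/14 MX mrelay3-2.free.fr. 50,[|domain] (DF)
00:58:31.251952 81.56.211.247.32819 > 213.228.0.175.smtp: S 741887251:741887251(0) win 5808 (DF)
00:58:31.309820 213.228.0.175.smtp > 81.56.211.247.32819: S 1140293823:1140293823(0) ack 741887252 win 5792 (DF)
"""
LOCAL = "81.56.211.247"                  # assumption: address held by ppp0
SERVICES = {"domain": 53, "smtp": 25}    # tcpdump prints /etc/services names
LINE = re.compile(r"^\S+ ([\d.]+)\.([\w-]+) > ([\d.]+)\.([\w-]+): (.*)$")
TCP_FLAGS = re.compile(r"^[SFPR.]+ ")    # TCP lines start with a flags field

# (chain, proto, port field, port, conntrack states) for traffic on ppp0.
EST = {"RELATED", "ESTABLISHED"}
POSTED = [("INPUT", "tcp", "dport", 25, EST),             # from the iptables-save above
          ("OUTPUT", "tcp", "sport", 25, EST | {"NEW"})]
CLIENT = [("OUTPUT", "udp", "dport", 53, EST | {"NEW"}),  # hypothetical client-side rules
          ("INPUT", "udp", "sport", 53, EST),
          ("OUTPUT", "tcp", "dport", 25, EST | {"NEW"}),
          ("INPUT", "tcp", "sport", 25, EST)]

def port(name):
    return SERVICES[name] if name in SERVICES else int(name)

def verdicts(capture, rules):
    """Verdict per packet; each packet is judged on its own, policy DROP."""
    seen, out = set(), []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, sp, dst, dp, rest = m.groups()
        pkt = {"sport": port(sp), "dport": port(dp)}
        proto = "tcp" if TCP_FLAGS.match(rest) else "udp"
        flow = frozenset([(src, pkt["sport"]), (dst, pkt["dport"])])
        state = "ESTABLISHED" if flow in seen else "NEW"   # simplified conntrack
        seen.add(flow)
        chain = "OUTPUT" if src == LOCAL else "INPUT"
        ok = any(c == chain and p == proto and pkt[f] == n and state in st
                 for c, p, f, n, st in rules)
        out.append((chain, proto, pkt["sport"], pkt["dport"], state,
                    "ACCEPT" if ok else "DROP"))
    return out

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("client", CLIENT)):
        for v in verdicts(CAPTURE, rules):
            print(name, *v)
```

With the posted rules every one of these packets falls through to the DROP policy: the DNS lookups are UDP to port 53, and the outgoing SMTP connection has destination port 25, not source port 25.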
