It is very useful to turn on logging of rejected packets. This will
tell you why SMTP is not working and also let you see how many
people out in the world are probing at machines. My home-based
linux gateway gets probed a couple of times a day!
My guess is you need to enable local (127.0.0.0) addresses, but
the logging above should tell you for sure.
Brian Beuning
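As an added illustration of the logging advice above (not part of either message in this thread): once rejected packets are logged, a short script can summarise what is being refused and whether the reply half of an SMTP session is among the rejections. The sample log lines are constructed, and the "IP fw-in/fw-out <verdict> <iface> <proto> src:port dst:port" layout they use is an assumption about the kernel's firewall log format.

```python
import re
from collections import Counter

# Constructed sample syslog lines (assumed format of the kernel's
# firewall log messages, as produced when logging of matching
# packets is switched on for the reject rules).
SAMPLE_LOG = """\
Jan 10 09:12:01 gw kernel: IP fw-in rej eth0 TCP 10.0.0.7:2244 192.168.1.1:23 L=44 S=0x00 I=101 F=0x4000 T=64
Jan 10 09:12:05 gw kernel: IP fw-in acc eth0 TCP 192.168.1.200:1034 192.168.1.1:25 L=44 S=0x00 I=102 F=0x4000 T=64
Jan 10 09:12:05 gw kernel: IP fw-out rej eth0 TCP 192.168.1.1:25 192.168.1.200:1034 L=44 S=0x00 I=103 F=0x4000 T=64
Jan 10 09:13:40 gw kernel: IP fw-in rej eth0 TCP 10.0.0.7:2245 192.168.1.1:110 L=44 S=0x00 I=104 F=0x4000 T=64
Jan 10 09:15:02 gw kernel: IP fw-in rej eth0 UDP 10.0.0.9:53 192.168.1.1:53 L=60 S=0x00 I=105 F=0x0000 T=64
"""

LOG_RE = re.compile(
    r"IP (?P<chain>fw-in|fw-out|fw-fwd) (?P<verdict>\w+) (?P<iface>\S+) "
    r"(?P<proto>\S+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_fw_log(text):
    """Return one dict per line that matches the assumed log layout."""
    return [m.groupdict() for m in map(LOG_RE.search, text.splitlines()) if m]


def rejected_summary(records):
    """Count non-accepted packets by (chain, proto, dst, dport): a quick
    view of what the firewall is refusing and which ports get probed."""
    return Counter(
        (r["chain"], r["proto"], r["dst"], r["dport"])
        for r in records if r["verdict"] != "acc"
    )


def stalled_smtp(records):
    """Outgoing rejections with *source* port 25: the server's replies to
    an SMTP client being refused, so the client sees no answer."""
    return [
        r for r in records
        if r["chain"] == "fw-out" and r["verdict"] != "acc"
        and r["proto"] == "TCP" and r["sport"] == "25"
    ]


if __name__ == "__main__":
    recs = parse_fw_log(SAMPLE_LOG)
    for key, n in rejected_summary(recs).most_common():
        print(n, *key)
    for r in stalled_smtp(recs):
        print("SMTP reply rejected:", r["src"], "->", r["dst"], r["dport"])
```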
Paul Thomas wrote:
> I know this feed is for diald related items - but I'm sending this on
> the pretense that many users of diald will be able to help.
> As such any help may be better directed to my e-mail directly.
>
> I have a linux machine acting as a DNS, Mail, WWW & Firewall.
>
> I want to restrict certain users from accessing various components.
> So I use the following script:
>
> **************************************************************
> # Flush all the rules
> /sbin/ipfwadm -F -f
> /sbin/ipfwadm -I -f
> /sbin/ipfwadm -O -f
> # Deny everything!
> # /sbin/ipfwadm -F -p deny
> /sbin/ipfwadm -I -p reject
> /sbin/ipfwadm -O -p reject
>
> # Accept local incoming SMTP, POP3 and DNS connections to the server
> # The following works . . .
> /sbin/ipfwadm -I -a accept -P all -S 192.168.1.200 -D 192.168.1.1 -v
> /sbin/ipfwadm -O -a accept -P all -S 192.168.1.1 -D 192.168.1.200 -v
> **************************************************************
>
> At default I reject incoming & outgoing so nothing will get to the linux
> machine. The last two lines allow incoming and outgoing for 1 machine.
> This works fine. The output generated by the '-v' switch is:
>
> **************************************************************
> acc all opt ---- tos 0xFF 0x00 via * 0.0.0.0 192.168.1.200 -> 192.168.1.1 n/a
> acc all opt ---- tos 0xFF 0x00 via * 0.0.0.0 192.168.1.1 -> 192.168.1.200 n/a
> **************************************************************
>
> Now, if I further qualify my rules to limit it to SMTP with the
> following (i.e. replacing the above two lines with these):
>
> **************************************************************
> #/sbin/ipfwadm -I -a accept -P tcp -S 192.168.1.200 -D 192.168.1.1 25 -v
> #/sbin/ipfwadm -O -a accept -P tcp -S 192.168.1.1 -D 192.168.1.200 25 -v
> **************************************************************
>
> which results in the following verbose output:
>
> **************************************************************
> acc tcp opt ---- tos 0xFF 0x00 via * 0.0.0.0 192.168.1.200 -> 192.168.1.1 * -> 25
> acc tcp opt ---- tos 0xFF 0x00 via * 0.0.0.0 192.168.1.1 -> 192.168.1.200 * -> 25
> **************************************************************
>
> The problem is that I cannot send mail (i.e. SMTP) to the linux server
> (192.168.1.1). I have even tried telnetting to port 25 - nothing comes
> back???????
>
> Any suggestions?
>
> TIA
>
> Paul.
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> the body of a message to [EMAIL PROTECTED]