On Thu, 17 Jan 2002, Tal Amir wrote:

> On Fri, 18 Jan 2002, guy keren wrote:
>
> > Date: Fri, 18 Jan 2002 02:07:46 +0200 (EET)
> > From: guy keren <[EMAIL PROTECTED]>
> > To: Tal Amir <[EMAIL PROTECTED]>
> > Cc: Tzafrir Cohen <[EMAIL PROTECTED]>,
> >    the linux-il mailing list <[EMAIL PROTECTED]>
> > Subject: Re: access problem
> >
> > On Thu, 17 Jan 2002, Tal Amir wrote:
> >
> > > > telnet your-server 110
> > > >
> > > > If and when a (tcp) connection is established, try writing the following:
> > > >
> > > > USER username
> > > > PASS topsecretpasswordinplaintext
> > > > QUIT
> > >
> > > telnet to ports 110 and 25 works. only mail clients can't get to
> > > authenticate. this is the most weird part (?!)
> >
> > telnet - ok. but did you try doing the rest of what tzafrir suggested -
> > i.e. actually emulating an email client over this connection? please
> > answer with 'yes, and it worked, and i managed to login to port 110 after
> > supplying a valid user and password', or say 'yes, i tried, but it failed
> > with this and that error message', or say 'no, i didn't try, i will try
> > now'.
>
> thanks for the options..what would i do without you ? ;)
> telnet to port 110 works and authenticates (25 as well)
> with a client - nothing.
> so this is not a closed port\service problem.
>
>
> >
> > > there ARE NO internal interfaces.
> > > 1 interface (eth0) with 1 real ip. this machine is in a dmz, and the
> > > firewall translates everything to it. this is why it's accessible from both
> > > internal and external locations, and vice versa (it can access NAT
> > > addresses).

How exactly can it access NAT addresses if it is outside the NAT? How are
packets from the server to NAT clients routed?

> right, but there is a minimal sense of logic in what you try.
> and yes - netstat shows the connection ONLY if i try to connect directly
> to the port via telnet.
> it shows nothing when accessing with a client.

Note that a sniffer (like tcpdump) may be able to give you more
information. Is it possible that the connections of the mail clients are
started, but don't get past the hand-shaking?

Netstat won't show you this (it only shows established connections and
outgoing connections) but tcpdump will show you the packets of this failed
attempt.

>
> >
> > > > Use netstat -ln --tcp and see if any service listens on an address that is
> > > > not 0.0.0.0 (=all interfaces).
> >
> > that's what tzafrir said - i keep the quote in case you lost the former
> > message.
> >
> > > > * Do packets from the clients get to the server?
> > > > Use tcpdump or any other sniffer. This could be a DNS problem or a routing
> > > > problem.
> > >
> > > no routing problem. as i said, i can ping it from the internal LAN.
> > > also from outside.
> > > this is not the problem.
> >
>
> correct, but it tells you if there is some kind of a block (route,
> firewall or whatever) between you and that machine.
> if you can't ping it, there is not much chance that anything else will get
> there.
>

Please re-read the following:

>
> > did you check what tzafrir suggested? he didn't say its a routing problem,
> > or anything else. pings do not tell you much, other than the fact that
> > ping works. it doesn't tell you if other protocols have any problems.

Have you totally eliminated DNS issues? Is the mail client configured
with an IP address?



> >
> > > > * Have you looked at the logs? Any connection attempts logged?
> > > >
> > > another thing i forgot to mention : syslogd is running but not logging
> > > anything. the last log entry is at the same date when the hard reset
> > > occurred. i don't think that there is a connection, but go figure..
> >
> > i would suggest you try to solve this problem - having working logs is a
> > good start to finding what's wrong, in case the imap server or pop server
> > or any other server is trying to log anything.
> >
> > check that you have a /etc/syslogd.conf file, and that it is properly
> > configured (i know "i haven't changed anything" - but when nothing really
> > changes, things keep on working. if they don't - something was changed,
> > regardless of how it was changed - by manual editing, by file (system)
> > corruption, or anything else).

And if this fails, stop sysklogd, and run 'syslogd -d' (see syslogd(8)).

-- 
Tzafrir Cohen                        /"\
mailto:[EMAIL PROTECTED]        \ /  ASCII Ribbon Campaign
Taub 229, 972-4-829-3942,             X   Against  HTML  Mail
http://www.technion.ac.il/~tzafrir   / \
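
Added example, not part of the original message: a sketch of the tcpdump check suggested in the reply above, classifying each client's connection attempt to port 110 by how far the TCP handshake got. The capture text, the addresses and the names `handshake_report` and `verdict` are constructed for illustration, and the line format assumed is that of current tcpdump releases.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n 'tcp port 110'` run on the
# mail server (192.0.2.10); all addresses and ports are made up.
CAPTURE = """\
12:00:01.0001 IP 192.0.2.50.40001 > 192.0.2.10.110: Flags [S], seq 100, length 0
12:00:01.0002 IP 192.0.2.10.110 > 192.0.2.50.40001: Flags [S.], seq 900, ack 101, length 0
12:00:01.0005 IP 192.0.2.50.40001 > 192.0.2.10.110: Flags [.], ack 901, length 0
12:00:05.0001 IP 10.1.1.7.1042 > 192.0.2.10.110: Flags [S], seq 200, length 0
12:00:05.0002 IP 192.0.2.10.110 > 10.1.1.7.1042: Flags [S.], seq 700, ack 201, length 0
12:00:20.0001 IP 10.1.1.9.1100 > 192.0.2.10.110: Flags [S], seq 300, length 0
12:00:20.0002 IP 192.0.2.10.110 > 10.1.1.9.1100: Flags [R.], seq 0, ack 301, length 0
12:00:30.0001 IP 10.1.1.11.1200 > 192.0.2.10.110: Flags [S], seq 400, length 0
"""

LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def verdict(seen):
    """Map the set of handshake steps seen for one client to a diagnosis."""
    if "rst" in seen:
        return "refused"        # server answered with RST
    if {"syn", "synack", "ack"} <= seen:
        return "established"    # full three-way handshake
    if {"syn", "synack"} <= seen:
        return "no-final-ack"   # server replied, client never confirmed
    if "syn" in seen:
        return "no-reply"       # SYN reached the server, nothing sent back
    return "incomplete"         # capture started mid-connection

def handshake_report(capture, port=110):
    """Classify every client seen talking to `port` in tcpdump text output."""
    seen = defaultdict(set)
    for m in LINE.finditer(capture):
        src, sport, dst, dport, flags = m.groups()
        if int(dport) == port:                    # client -> server
            if "S" in flags:
                seen[f"{src}:{sport}"].add("syn")
            elif "." in flags and "R" not in flags:
                seen[f"{src}:{sport}"].add("ack")
        elif int(sport) == port:                  # server -> client
            if "R" in flags:
                seen[f"{dst}:{dport}"].add("rst")
            elif "S" in flags:
                seen[f"{dst}:{dport}"].add("synack")
    return {client: verdict(steps) for client, steps in seen.items()}

if __name__ == "__main__":
    print(handshake_report(CAPTURE))
```

A "no-final-ack" result for the NAT clients would point at the return route asked about above; "no-reply" means the SYN was seen on the wire but the server sent nothing back.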

