At 01:31 AM 12/10/00 -0700, Sean Reifschneider wrote:
>On Sun, Dec 10, 2000 at 02:51:24AM -0500, Steve Manes wrote:
> >Dec 10 01:02:49 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:3687 206.26.89.202:25 L=1064 S=0x00 I=46413 F=0x0000 T=64 (#37)
> >Dec 10 01:02:55 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:4396 204.242.84.1:25 L=60 S=0x00 I=46421 F=0x0000 T=64 SYN (#37)
> >
> >Any idea what's causing this?
>
>ipchains is blocking incoming connections to port 25/tcp.  You know, the
>e-mail port.

I know what port 25 is and, no, it's not blocking incoming connections.  It 
seems to be blocking outgoing connections.  But if you look at the script 
you'll see that port 25 is open both ways:

# SMTP server (25)
# ----------------
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
     --source-port $UNPRIVPORTS \
     -d $IPADDR 25 -j ACCEPT

ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
     -s $IPADDR 25 \
     --destination-port $UNPRIVPORTS -j ACCEPT

In fact, the script doesn't firewall any outbound traffic on eth0, only 
input.  That's why this is weird.  The error log throws occasional mentions 
about "SYN" (above) so I wonder if it's a problem with that.

> >The problematic firewall script is rather large (25k) so I've posted it on
> >my web server at http://www.magpie.com/work/rc.firewall.html
>
>Yikes!  25KB?!?  I have a hard time imagining it being a tenth the size
>of that.

Admittedly, it's huge but I didn't create it by hand.  Nevertheless it's a 
very thorough script and well commented, and similarly-generated firewall 
scripts work very well on my other machines.  It's only Qmail that seems to 
be having a problem with it.


-----------------------[ http://www.magpie.com ]-------=o&>o-------
Steve Manes
Brooklyn, N'Yawk
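The kernel lines quoted in this message are worth checking mechanically rather than by eye. What follows is an added example, not part of the thread and not taken from the quoted rc.firewall script: a small Python parser for ipchains "Packet log:" lines that classifies each logged packet by which half of an SMTP conversation it belongs to, given the host's own address. The two sample lines are the ones quoted above, re-joined by hand because the mail client wrapped them; the third sample line, the role names returned by `classify`, and the choice of 25 as the service port are the example's own assumptions. The classifier makes explicit the distinction between a packet whose source port is 25 (what the posted output rule, `-s $IPADDR 25`, matches) and one whose destination port is 25 (what both logged packets carry).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the two kernel lines quoted in the thread,
# re-joined onto one line each, plus one unrelated line to show that
# non-matching input is skipped rather than mis-parsed.
SAMPLE_LOG = """\
Dec 10 01:02:49 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:3687 206.26.89.202:25 L=1064 S=0x00 I=46413 F=0x0000 T=64 (#37)
Dec 10 01:02:55 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:4396 204.242.84.1:25 L=60 S=0x00 I=46421 F=0x0000 T=64 SYN (#37)
Dec 10 01:03:10 meg kernel: something unrelated that is not a packet log line
"""

# Field layout of an ipchains "Packet log:" line:
#   <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
#   L=<len> S=<tos> I=<ip id> F=<frag> T=<ttl> [SYN] (#<rule number>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)


@dataclass
class PacketLogEntry:
    chain: str    # input / output / forward
    target: str   # ACCEPT / DENY / REJECT
    iface: str
    proto: int    # 6 = TCP
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool     # True when the kernel flagged a connection-opening SYN
    rule: int     # position of the matching rule in the chain (#37 above)


def parse_line(line: str) -> Optional[PacketLogEntry]:
    """Parse one syslog line; return None for lines that are not packet logs."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return PacketLogEntry(
        chain=m["chain"], target=m["target"], iface=m["iface"],
        proto=int(m["proto"]), src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]),
        syn=m["syn"] is not None, rule=int(m["rule"]),
    )


def parse_log(text: str) -> List[PacketLogEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def classify(e: PacketLogEntry, local_ip: str, service_port: int = 25) -> str:
    """Name which half of which TCP conversation a packet belongs to.

    server-inbound  : remote -> local:service_port   (someone connecting to our server)
    server-reply    : local:service_port -> remote   (our server answering them)
    client-outbound : local -> remote:service_port   (our host connecting out)
    client-reply    : remote:service_port -> local   (the remote server answering us)
    Role names are this example's own convention.
    """
    if e.proto != 6:
        return "other"
    if e.dst == local_ip and e.dport == service_port:
        return "server-inbound"
    if e.src == local_ip and e.sport == service_port:
        return "server-reply"
    if e.src == local_ip and e.dport == service_port:
        return "client-outbound"
    if e.dst == local_ip and e.sport == service_port:
        return "client-reply"
    return "other"


def summarize(text: str, local_ip: str, service_port: int = 25) -> Dict[Tuple[str, str], int]:
    """Count non-ACCEPT packets per (chain, role), e.g. ('output', 'client-outbound')."""
    counts: Dict[Tuple[str, str], int] = {}
    for e in parse_log(text):
        if e.target == "ACCEPT":
            continue
        key = (e.chain, classify(e, local_ip, service_port))
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    host = "166.84.147.124"   # the address that appears as source in the quoted lines
    for entry in parse_log(SAMPLE_LOG):
        print(f"{entry.chain:6} {entry.target:6} rule #{entry.rule} "
              f"{entry.src}:{entry.sport} -> {entry.dst}:{entry.dport} "
              f"{'SYN ' if entry.syn else ''}=> {classify(entry, host)}")
    print(summarize(SAMPLE_LOG, host))
```

Run as-is, the summary comes back as `{('output', 'client-outbound'): 2}`: both rejected packets left the host from an unprivileged port bound for port 25 on another machine, and the second one is the SYN that opens that connection. Pointing the script at a day's worth of kernel log and a different `service_port` gives the same per-role breakdown for any other service.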
