Hey, For me setting up a firewall should not be part of the qmailtoaster setup process. People can get a hint they should use a firewall but in the end that should be left an admin decision and under their control.
It also caused issues for me a long time ago. Took me a bit to figure out that my rules did not apply and toaster added some of its own. Cheers, Sebastian On 15.11.2012, at 16:01, Eric Shubert <[email protected]> wrote: > There are lines in the firewall.sh script which blocks all traffic from > private address blocks: > > iptables -A INPUT -s 10.0.0.0/8 -i ! lo -j DROP > iptables -A INPUT -s 192.168.0.0/16 -i ! lo -j DROP > > To fix this, I added the following to the firewall.sh script *before* the > above lines: > # shubes 5/16/06 - accept packets from local nets > iptables -A INPUT -s 192.168.20.0/255.255.255.0 -j ACCEPT > iptables -A INPUT -s 192.168.21.0/255.255.255.0 -j ACCEPT > > Substitute you local subnets appropriately. > > > Does anyone have a suggestion how the firewall.sh script might be modified so > this problem doesn't happen to newbs? It happened to me as well, and I think > it's a bit aggravating. > > -- > -Eric 'shubes' > > On 11/15/2012 06:42 AM, Rvaught wrote: >> When I built the new machine , I did not comment out the firewall.sh >> call within the cnt5064-svcs.sh script . >> >> When I stopped IPTABLE service , clients can connect . Should this be >> all I need to change ? >> >> Thanks, >> >> Rick >> >> *From:*Cecil Yother, Jr. [mailto:[email protected]] >> *Sent:* Wednesday, November 14, 2012 9:58 PM >> *To:* [email protected] >> *Subject:* Re: [qmailtoaster] Re: Connection Problems >> >> On 11/14/2012 06:55 PM, Eric Shubert wrote: >> >> On 11/14/2012 05:52 PM, Carlos Herrera Polo wrote: >> >> Have you check firewall rules ? >> >> El nov 14, 2012 5:50 p.m., "Rvaught" <[email protected] >> <mailto:[email protected]> >> <mailto:[email protected]> >> <mailto:[email protected]>> escribió: >> >> I had my Qmail Toaster crash from a failed raid array . I now >> have a >> new mair server setup . I can connect with email clients that are >> on the same subnet with the server Ok. ____ >> >> Other clients on different subnets can not . I have the other >> subnets listed in tcp.smtp the same as the old server . Is there >> some place else I need to adjust .____ >> >> __ __ >> >> __ __ >> >> >> My guess would be a routing problem (outside of QMT). Can they ping >> the QMT host? >> >> I would do a dig too and make sure your DNS resolves. >> >> -- >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
