Firewall + Sendmail...how to make them happy...

2004-03-28 Thread JP
Hi,

I have just got my firewall up and running. 
Everything is running great except for inbound
sendmail connections.  It appears my firewall is
blocking port 25 traffic.  I can telnet localhost 25
and it works fine internally.  From the outside world,
all I get is a connection refused.  Can someone tell
me what I am doing wrong please.  Here is a copy of my
firewall config file:

# Define the firewall command (as in /etc/rc.firewall) for easy reference.
# Helps to make it easier to read.

fwcmd=/sbin/ipfw

# Force a flushing of the current rules before we reload.

$fwcmd -f flush

# Divert all packets through the tunnel interface.

$fwcmd add divert natd all from any to any via tun0

# Allow all data from my network card and localhost. Make sure you change
# your network card (mine was xl0) before you reboot. :)

$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via dc0
$fwcmd add allow ip from any to any via ed0

# Allow all connections that I initiate.

$fwcmd add allow tcp from any to any out xmit tun0 setup

# Once connections are made, allow them to stay open.

$fwcmd add allow tcp from any to any via tun0 established

# Everyone on the internet is allowed to connect to the following services
# on the machine. This example shows that people may connect to ssh and
# apache.

$fwcmd add allow tcp from any to any 5800 setup #VNC Services
$fwcmd add allow tcp from any to any 5900 setup #VNC Services
$fwcmd add allow tcp from any to any 4661 setup #Edonkey 2000
$fwcmd add allow tcp from any to any 4662 setup #Edonkey 2000
$fwcmd add allow udp from any to any 4665 setup #Edonkey 2000
$fwcmd add allow udp from any to any 11611 setup #Edonkey 2000
$fwcmd add allow tcp from any to any 1214 setup #Kazaa
$fwcmd add allow tcp from any to any 23 setup
$fwcmd add allow tcp from any to any 80 setup
$fwcmd add allow tcp from any to any 22 setup
$fwcmd add allow tcp from any to any 21 setup
$fwcmd add allow udp from any to any 21 setup
$fwcmd add allow tcp from any to any 110 setup
$fwcmd add allow udp from any to any 110 setup
$fwcmd add allow tcp from any to any 25 setup
$fwcmd add allow udp from any to any 25 setup

# This sends a RESET to all ident packets.

$fwcmd add reset log tcp from any to any 113 in recv tun0

# Allow outgoing DNS queries ONLY to the specified servers.

$fwcmd add allow udp from any to xx.xx.x.x 53 out xmit tun0

# Allow them back in with the answers... :)

$fwcmd add allow udp from xx.xx.x.x 53 to any in recv tun0

# Allow ICMP (for ping and traceroute to work). You may wish to disallow
# this, but I feel it suits my needs to keep them in.

$fwcmd add 65435 allow icmp from any to any

# Deny all the rest.

$fwcmd add 65435 deny log ip from any to any

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Firewall + Sendmail...how to make them happy...

2004-03-28 Thread Remko Lodder
Hi JP,

JP wrote:
> Hi,
>
> I have just got my firewall up and running.
> Everything is running great except for inbound
> sendmail connections.  It appears my firewall is
> blocking port 25 traffic.  I can telnet localhost 25
> and it works fine internally.  From the outside world,
> all I get is a connection refused.  Can someone tell
> me what I am doing wrong please.  Here is a copy of my
> firewall config file:

Did you try `netstat -an |grep -i list`? If there is a 127.0.0.1:25
listening then only localhost is listening on the sendmail interface. I
thought that it was a setting in the default install.
You should look for freebsd.mc and edit the listen settings there and
build a new cf file...

Cheers

Kind regards,

Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl A Dutch community for helping newcomers on the 
hackerscene
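
An added example, not part of the original thread: a shell function that reads `netstat -an` output and reports whether anything listens on TCP port 25 and on which addresses, which is the check suggested in the reply above. The function name `smtp_listen_scope` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify how the SMTP listener is bound, from `netstat -an` output on stdin.
# Accepts BSD-style "addr.port" and Linux-style "addr:port" local addresses.
# Prints one of: not-listening | loopback-only | specific-address | all-interfaces
smtp_listen_scope() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4
        # The port is the run of digits after the last "." or ":".
        pos = match(addr, /[.:][0-9]+$/)
        if (pos == 0) next
        port = substr(addr, pos + 1)
        host = substr(addr, 1, pos - 1)
        if (port != "25") next
        seen = 1
        if (host == "*" || host == "0.0.0.0" || host == "::") {
            wild = 1          # bound to every interface
        } else if (host == "127.0.0.1" || host == "::1") {
            loop = 1          # reachable from the local host only
        } else {
            other = 1         # bound to one specific non-loopback address
        }
    }
    END {
        if (!seen)      print "not-listening"
        else if (wild)  print "all-interfaces"
        else if (other) print "specific-address"
        else            print "loopback-only"
    }'
}

# Constructed sample: FreeBSD-style output, sendmail bound to loopback only.
SAMPLE_LOOPBACK='tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'

# Constructed sample: listener bound to every interface.
SAMPLE_WILDCARD='tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN'

printf '%s\n' "$SAMPLE_LOOPBACK" | smtp_listen_scope
printf '%s\n' "$SAMPLE_WILDCARD" | smtp_listen_scope
```

On the mail host itself, run `netstat -an | smtp_listen_scope`; a result of `loopback-only` means outside connections to port 25 are refused by the host regardless of what the firewall rules allow.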