2007/8/2, Tom Eastep <[EMAIL PROTECTED]>:
> >> Pál Csányi wrote:
> > It's in Hungarian language yet.
> >
> >>> The port 25 is still closed from the internet. :(
> >>>
> >
> > rules:
> > DNAT net loc:192.168.1.10-192.168.1.98:25 tcp 25 - 212.200.112.79
>
> Why are you specifying a range of IP addresses? Are you running 89 smtp
> servers? You should only be specifying the IP address of the system where
> exim is running (192.168.1.98).

Because my firewall runs a DHCP server and gives IP addresses to the subnet systems. How can I know in this case which IP address will be assigned to the desktop machine?

> > I tried now with masq:
> > ppp0 eth1 212.200.112.79
> >
> > No success.
>
> If you want us to comment on that entry, we need to see the entire
> configuration. Please follow the instructions at
> http://www.shorewall.net/support.htm#Guidelines.

3.a. Yes, Shorewall Started Successfully.
3.b. Connection or Traffic Shaping Problem(s)? I think this is a Traffic Problem.
3.c. #/sbin/shorewall dump > /tmp/status.txt
3.d. Post attachment compressed with bzip2.
3.e. My public IP address is 212.200.112.79 with FQDN: csanyi-pal.info

My firewall has 3 interfaces:
eth0 - internet
eth1 - localnet
ppp0 - for the pptp VPN tunnel to my ISP.

I can't send mail to mailing lists from my desktop box that is behind the firewall, because the remote mail servers can't reach my exim4 for communications (helo - ehlo). This desktop box gets a dynamic IP address from the firewall, usually 192.168.1.98. I can browse the internet with Mozilla Firefox.

> > - My DNAT rule doesn't match the connection request in some other way.
>
> We are still not seeing enough here to tell what is going on (other than
> your DNAT rule is clearly wrong).
>
> > How can I use tcpdump to further diagnose the problem?
>
> tcpdump -ni ppp0 port 25
>
> Then try to connect to port 25 from the net.

For that connection from the internet I use the simulated attack mentioned before. Is this right? I haven't any other opportunity to do that.

sudo tcpdump -vv -ni ppp0 port 25
---------------------------------------------------------
tcpdump: listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
18:23:54.623436 IP (tos 0x0, ttl 17, id 38548, offset 0, flags [none], proto: UDP (17), length: 38)
    195.70.57.5.44458 > 212.200.112.79.25: [udp sum ok] UDP, length 10
18:24:07.007821 IP (tos 0x0, ttl 52, id 42290, offset 0, flags [none], proto: TCP (6), length: 60)
    64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x4056 (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259463438 0,nop,wscale 0>
18:24:10.035117 IP (tos 0x0, ttl 53, id 42291, offset 0, flags [none], proto: TCP (6), length: 60)
    64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x3f2a (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259463738 0,nop,wscale 0>
18:24:15.996353 IP (tos 0x0, ttl 53, id 42292, offset 0, flags [none], proto: TCP (6), length: 60)
    64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x3cd2 (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259464338 0,nop,wscale 0>
18:24:39.996570 IP (tos 0x0, ttl 53, id 42293, offset 0, flags [none], proto: TCP (6), length: 60)
    64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x3372 (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259466738 0,nop,wscale 0>
5 packets captured
5 packets received by filter
0 packets dropped by kernel

I hope this helps to solve my problem with your help.

--
Regards, Paul
status.txt.bz2
Description: BZip2 compressed data
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
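An added example, not part of the original message or of Shorewall: a short Python script that reads the capture quoted in the message and reports TCP SYNs that were retransmitted with no reply seen on the captured interface. The function names are hypothetical, and the parser assumes the older tcpdump `-vv` text layout shown in the message.

```python
import re
from collections import defaultdict

# Capture lines copied from the message above (tcpdump -vv, one packet per line).
CAPTURE = """\
18:23:54.623436 IP (tos 0x0, ttl 17, id 38548, offset 0, flags [none], proto: UDP (17), length: 38) 195.70.57.5.44458 > 212.200.112.79.25: [udp sum ok] UDP, length 10
18:24:07.007821 IP (tos 0x0, ttl 52, id 42290, offset 0, flags [none], proto: TCP (6), length: 60) 64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x4056 (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259463438 0,nop,wscale 0>
18:24:10.035117 IP (tos 0x0, ttl 53, id 42291, offset 0, flags [none], proto: TCP (6), length: 60) 64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x3f2a (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259463738 0,nop,wscale 0>
18:24:15.996353 IP (tos 0x0, ttl 53, id 42292, offset 0, flags [none], proto: TCP (6), length: 60) 64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x3cd2 (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259464338 0,nop,wscale 0>
18:24:39.996570 IP (tos 0x0, ttl 53, id 42293, offset 0, flags [none], proto: TCP (6), length: 60) 64.233.184.231.40553 > 212.200.112.79.25: S, cksum 0x3372 (correct), 2204265014:2204265014(0) win 5720 <mss 900,sackOK,timestamp 259466738 0,nop,wscale 0>
"""

SPLIT = re.compile(r"(?=\d\d:\d\d:\d\d\.\d+ IP )")       # start of each packet record
REC = re.compile(r"(\d\d):(\d\d):(\d\d\.\d+) IP \(.*?proto: (\w+) .*?\) "
                 r"(\S+) > (\S+): (.*)", re.S)
PURE_SYN = re.compile(r"S, .*?(\d+):\d+\(0\) win")       # a SYN-ACK has "ack N" before "win"

def parse(capture):
    """Yield (seconds, proto, src, dst, syn_seq); syn_seq is None unless a bare SYN."""
    for rec in SPLIT.split(capture):
        m = REC.match(rec)
        if not m:
            continue
        hh, mm, ss, proto, src, dst, rest = m.groups()
        syn = PURE_SYN.match(rest) if proto == "TCP" else None
        yield (int(hh) * 3600 + int(mm) * 60 + float(ss), proto, src, dst,
               syn.group(1) if syn else None)

def unanswered_syns(capture, min_syns=2):
    """Report flows whose SYN was retransmitted and never answered in the capture."""
    syns, seen = defaultdict(list), set()
    for t, proto, src, dst, seq in parse(capture):
        if proto != "TCP":
            continue                      # skips the UDP datagram sent to port 25
        seen.add((src, dst))
        if seq is not None:
            syns[(src, dst, seq)].append(t)
    report = []
    for (src, dst, seq), ts in syns.items():
        if len(ts) >= min_syns and (dst, src) not in seen:
            gaps = [round(b - a) for a, b in zip(ts, ts[1:])]
            report.append({"src": src, "dst": dst, "syns": len(ts), "gaps_s": gaps})
    return report

if __name__ == "__main__":
    for flow in unanswered_syns(CAPTURE):
        print(flow)
```

The capture was taken on ppp0 only, so a reply leaving through another interface would not appear in it and the flow would still be reported as unanswered.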
