On 3/18/11 6:22 PM, [email protected] wrote:
>
> Hi
> I have shorewall/iptables running on my server (pub) but access to
> localhost is blocked when I attempt to use ping localhost, telnet
> localhost 25, echo Hello | sendmail -v root@localhost. All these
> commands were run after using shorewall reset and creating the attached
> file. All these commands work with shorewall clear.
>
> My problem is I can't email the root messages from (pub) to (nor) where
> they are forwarded on to my mail accounts at my isp. Any attempt to
> send mail is met with "Connection timed out with [127.0.0.1]".
> Something has changed, possibly as my fault during changing the smart host
> to (nor) from another computer.

Jim,
Somehow, you have managed to install a blanket DNAT rule:

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   492 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.1.7

I suspect you have something like this in /etc/shorewall/rules:
#ACTION SOURCE DEST
DNAT- $FW 192.168.1.7
Clearly, that is a very bad idea.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
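
Added example, not part of the original thread and not Shorewall's own code: a shell check that reads an "iptables -t nat -L OUTPUT -n -v" listing and reports DNAT rules of the kind diagnosed above, which match every protocol, interface and address and so also rewrite the firewall's own connections to 127.0.0.1. The function names, the second sample rule and its 192.0.2.10 address are constructed for illustration; the first sample rule is the one from the reply.

```shell
#!/bin/sh
# Added example. Flags catch-all DNAT rules in the nat OUTPUT chain.
# Real input: iptables -t nat -L OUTPUT -n -v | find_blanket_dnat

# Reads an "iptables -L -n -v" listing on stdin and prints one line per
# DNAT rule in OUTPUT that matches every protocol, interface and address.
# Columns: pkts bytes target prot opt in out source destination [extra]
find_blanket_dnat() {
    awk '
        /^Chain / { chain = $2; next }
        chain == "OUTPUT" && $3 == "DNAT" &&
        ($4 == "all" || $4 == "0") &&
        $6 == "*" && $7 == "*" &&
        $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" {
            # $10 is the rewrite target, e.g. to:192.168.1.7
            printf "%s: catch-all DNAT %s (matched %s packets)\n", chain, $10, $1
        }
    '
}

# Constructed sample: the rule from the reply plus a narrowly scoped DNAT
# rule (assumed, for contrast) that must not be reported.
sample_listing() {
cat <<'EOF'
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   492 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.1.7
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            192.0.2.10           tcp dpt:25 to:192.168.1.7:25
EOF
}

sample_listing | find_blanket_dnat
```

Any line of output means locally generated traffic, loopback included, is being redirected; the rule restricted to tcp port 25 and a single destination is left alone.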
