Re: [Shorewall-users] localhost being blocked

Sat, 19 Mar 2011 07:36:55 -0700 


On 3/18/11 6:22 PM, hoodcanaljim@u wrote:
>
> Hi
>  I have shorewall/iptables running on my server (pub) but access to
> localhost is blocked then I attemp to use ping localhost, telnet
> localhost 25, echo Hello | sendmail -v root@localhost.   All these
> commands were run after using shorewall reset and creating the 
attached
> file.  All these commands work with shorewall clear.
>
>  My problem is I can't email the root messages from (pub) to (nor) 
where
> they are forwarded on to my mail accounts at my isp.  Any attempt to
> send mail is met with "Connection timed out with [127.0.0.1]".
> Something has change possibly as my fault during changing the smart 
host
> to (nor) from another computer.

Jim,

Somehow, you have managed to install a blanket DNAT rule:

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination
    7   492 DNAT       all  --  *      *       0.0.0.0/0
0.0.0.0/0           to:192.168.1.7

I suspect you have something like this in /etc/shorewall/rules:

#ACTION SOURCE      DEST
DNAT-   $FW     192.168.1.7

Clearly, that is a very bad idea.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

#########

Yes I have that. It is whats at the bottom of my rules file.
I remember having changed it when I went from (pri) to
(nor) for my mail forwarding.  Unforgently there were a
couple of other lines there that I deleted and I don't know
what they were.

What should I have there to allow localhost on (pub) and
access to (nor) and (pri)?

Thanks
Jim

Why did the Huskies have to make it so close in the last
minute??


  

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to