>> >>> Dear All: >> >>> >> >>> I have installed SquirrelMail 1.4.5 on Redhat Enterprise Server 3.0 >> and >> >>> everything is OK untill I enable the iptable firewall. >> >>> After the firewall is enabled, the login comes out just as usual, >> but >> >>> after clicking the login button there is nearly no reponse for >> about >> >>> 6~7 minutes for the login result window to comes out. If I stop the >> >>> iptable firewall everything restores to normal. What's the problem? >> >>> BTW, my IMAP server is the RedHat built-in IMAP server. >> >>> >> >>> The mail server is: http://mail.vigoicu.com:8080 >> >> >> >> try unblocking udp/53, tcp/53 and tcp/113 ports. Or use REJECT >> instead >> >> of DROP. >> > >> > These ports are already open. >> >> Show listing of your firewall rules. >> >> iptables -L -n
> The following is the result of iptables -L: > > Chain INPUT (policy DROP) > target prot opt source destination > ACCEPT tcp -- anywhere anywhere tcp dpt:ssh > ACCEPT tcp -- anywhere anywhere tcp dpt:http > ACCEPT tcp -- anywhere anywhere tcp dpt:ftp > ACCEPT tcp -- anywhere anywhere tcp > dpt:ftp-data > ACCEPT tcp -- anywhere anywhere tcp dpt:auth > ACCEPT tcp -- anywhere anywhere tcp dpt:smtp > ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 > ACCEPT tcp -- anywhere anywhere tcp dpt:imap > ACCEPT tcp -- anywhere anywhere tcp > dpt:webcache > ACCEPT udp -- anywhere anywhere udp > spt:domain > ACCEPT tcp -- anywhere anywhere tcp > spt:domain > ACCEPT all -- anywhere anywhere ( iptables -A INPUT > -i lo -j ACCEPT) Please follow same reply style as the one that is used in first reply. It is hard to follow conversation when you top post. Use REJECT and not DROP. When port is closed, standard computer replies with icmp port unreachable response. If firewall drops connections, it causes delays that indicate use of firewall. Some packets reach end of INPUT table and are dropped by default INPUT policy. Add 'iptables -A INPUT -j LOG' to your ruleset and check what packets reach end of table. When you design firewall ruleset, ruleset should not depend on policy. Last rule should set wide match that defines your preferred packet handling policy. -- Tomas ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl -- squirrelmail-users mailing list Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines List Address: [email protected] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
