[ale] ipchains/firewall question

Eric_Brubakken at aoncons.com Eric_Brubakken at aoncons.com
Thu Aug 2 07:02:47 EDT 2001




I'm having problems getting mail to my server.  I am able to send email out.
But no mail is able to get through to the server.  If I try to 'get' mail from
within Netscape, I get the message 'Connection refused.  Server is busy or not
accepting connections at this time.'  If I try to telnet to port 25 I get a
similar message.

I'm not sure, but I think the problem is somewhere in the firewall
configuration.  This is a new install of RH7.1 running with the default ipchains
rules created during the install.  OK, I know this isn't the best setup - but I'm
just trying to get things up and running and will lock everything down after
that.  From what little knowledge I have of this, port 25 should be accepting
connections.

So does anyone have any ideas why my server is refusing connections on port 25?


Here are the rules in /etc/sysconfig/ipchains:
----------------------------------------------------------------
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

This is the output from ipchains -L:
-------------------------------------------------
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  -y----  anywhere             anywhere              any ->   http
ACCEPT     tcp  -y----  anywhere             anywhere              any ->   smtp
ACCEPT     tcp  -y----  anywhere             anywhere              any ->   ssh
ACCEPT     tcp  -y----  anywhere             anywhere              any ->   telnet
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     all  ------  anywhere             anywhere              n/a
REJECT     tcp  -y----  anywhere             anywhere              any ->   0:1023
REJECT     tcp  -y----  anywhere             anywhere              any ->   nfs
REJECT     udp  ------  anywhere             anywhere              any ->   0:1023
REJECT     udp  ------  anywhere             anywhere              any ->   nfs
REJECT     tcp  -y----  anywhere             anywhere              any ->   x11:6009
REJECT     tcp  -y----  anywhere             anywhere              any ->   xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

Thanks
Eric
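
An added example (not part of the original post): a first-match walk over the posted input chain, showing which rule decides a new TCP connection to a given port. The interface name eth0 and the use of port 110 (POP3) for the 'get mail' step are assumptions; the post names only lo and eth1.

```python
# Added example: first-match walk of the posted input chain (all addresses are 0/0).
RULES = """\
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
"""

def parse_rule(line):
    """Turn one '-A input ...' line into a dict of match criteria."""
    tok = line.split()[2:]                      # drop '-A input'
    rule = {"proto": None, "ports": None, "syn": False, "iface": None}
    i = 0
    while i < len(tok):
        if tok[i] == "-y":                      # -y: only connection-opening SYN packets
            rule["syn"] = True
            i += 1
            continue
        opt, val = tok[i], tok[i + 1]
        i += 2
        if opt in ("-p", "-i", "-j"):
            rule[{"-p": "proto", "-i": "iface", "-j": "target"}[opt]] = val
        elif opt == "-d" and i < len(tok) and not tok[i].startswith("-"):
            lo, _, hi = tok[i].partition(":")   # optional port or lo:hi range
            rule["ports"] = (int(lo), int(hi or lo))
            i += 1
    return rule

def verdict(proto, dport, iface, syn=True, policy="ACCEPT"):
    """Return (target, rule number) of the first match, or (policy, None)."""
    for n, r in enumerate(map(parse_rule, RULES.splitlines()), 1):
        lo, hi = r["ports"] or (0, 65535)
        if r["proto"] in (None, proto) and r["iface"] in (None, iface) \
                and (syn or not r["syn"]) and lo <= dport <= hi:
            return r["target"], n
    return policy, None

# eth0: assumed outside interface name; 110 (POP3): assumed port for fetching mail.
print([(p, verdict("tcp", p, "eth0")) for p in (25, 110, 8080)])
```

With these rules a new connection to port 25 is accepted by the second rule on any interface, while port 110 arriving on an interface other than lo or eth1 reaches the 0:1023 REJECT rule.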


