[ale] ipchains/firewall question (well, maybe not)

KeithH hne at inetnow.net
Thu Aug 2 07:13:54 EDT 2001


Hi Eric,

  You might check your pop/imap server before you dig into your
firewall.  Are they enabled in /etc/services and /etc/inetd.conf (or
xinetd.conf depending on your setup)?  I've found most installations do
not enable them by default.  You don't need them if you run
pine/elm/mutt/whatever locally, but clients like Netscape/Outlook have
to have a pop/imap server.  inetd usually takes care of these for you.

  Port 25 is where sendmail/qmail/whatever listen for incoming mail.
Netscape does not use it for the "get" mail function.

Best o'Luck,
  Keith


Eric_Brubakken at aoncons.com wrote:

> 
> I'm having problems getting mail to my server.  I am able to send email out.
> But no mail is able to get through to the server.  If I try to 'get' mail from
> within Netscape, I get the message 'Connection refused.  Server is busy or not
> accepting connections at this time.'  If I try to telnet to port 25 I get a
> similar message.
> 
> I'm not sure, but I think the problem is somewhere in the firewall
> configuration.  This is a new install of RH7.1 running with the default ipchain
> rules created during the install.  OK I know this isn't the best setup - but I'm
> just trying to get things up and running and will lock everything down after
> that.  From what little knowledge I have of this, port 25 should be accepting
> connections.
> 
> So does anyone have any ideas why my server is refusing connections on port 25?
> 
> 
> Here are the rules in /etc/sysconfig/ipchains:
> ----------------------------------------------------------------
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> #       firewall; such entries will *not* be listed here.
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> -A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
> -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
> -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
> -A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
> 
> This is the output from ipchains -L:
> -------------------------------------------------
> Chain input (policy ACCEPT):
> target     prot opt     source                destination           ports
> ACCEPT     tcp  -y----  anywhere             anywhere              any ->   http
> ACCEPT     tcp  -y----  anywhere             anywhere              any ->   smtp
> ACCEPT     tcp  -y----  anywhere             anywhere              any ->   ssh
> ACCEPT     tcp  -y----  anywhere             anywhere              any ->   telnet
> ACCEPT     all  ------  anywhere             anywhere              n/a
> ACCEPT     all  ------  anywhere             anywhere              n/a
> REJECT     tcp  -y----  anywhere             anywhere              any ->   0:1023
> REJECT     tcp  -y----  anywhere             anywhere              any ->   nfs
> REJECT     udp  ------  anywhere             anywhere              any ->   0:1023
> REJECT     udp  ------  anywhere             anywhere              any ->   nfs
> REJECT     tcp  -y----  anywhere             anywhere              any ->   x11:6009
> REJECT     tcp  -y----  anywhere             anywhere              any ->   xfs
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> 
> Thanks
> Eric
> 
> 
> 
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> 

