[ale] ipchains/firewall question (well, maybe not)
KeithH
hne at inetnow.net
Thu Aug 2 07:13:54 EDT 2001
Hi Eric,
You might check your pop/imap server before you dig into your
firewall. Are they enabled in /etc/services and /etc/inetd.conf (or
xinetd.conf depending on your setup)? I've found most installations do
not enable them by default. You don't need them if you run
pine/elm/mutt/whatever locally, but clients like Netscape/Outlook have
to have a pop/imap server. inetd usually takes care of these for you.
Port 25 is where sendmail/qmail/whatever listen for incoming mail.
Netscape does not use it for the "get" mail function.
Best o'Luck,
Keith
Eric_Brubakken at aoncons.com wrote:
>
> I'm having problems getting mail to my server. I am able to send email out.
> But no mail is able to get through to the server. If I try to 'get' mail from
> within Netscape, I get the message 'Connection refused. Server is busy or not
> accepting connections at this time.' If I try to telnet to port 25 I get a
> similar message.
>
> I'm not sure, but I think the problem is somewhere in the firewall
> configuration. This is a new install of RH7.1 running with the default ipchain
> rules created during the install. OK I know this isn't the best setup - but I'm
> just trying to get things up and running and will lock everything down after
> that. From what little knowledge I have of this, port 25 should be accepting
> connections.
>
> So does anyone have any ideas why my server is refusing connection on port 25?
>
>
> Here are the rules in /etc/sysconfig/ipchains:
> ----------------------------------------------------------------
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> # firewall; such entries will *not* be listed here.
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
> -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
> -A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
> -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
> -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
> -A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
> -A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
>
> This is the output from ipchains -L:
> -------------------------------------------------
> Chain input (policy ACCEPT):
> target prot opt source destination ports
> ACCEPT tcp -y---- anywhere anywhere any -> http
> ACCEPT tcp -y---- anywhere anywhere any -> smtp
> ACCEPT tcp -y---- anywhere anywhere any -> ssh
> ACCEPT tcp -y---- anywhere anywhere any -> telnet
> ACCEPT all ------ anywhere anywhere n/a
> ACCEPT all ------ anywhere anywhere n/a
> REJECT tcp -y---- anywhere anywhere any -> 0:1023
> REJECT tcp -y---- anywhere anywhere any -> nfs
> REJECT udp ------ anywhere anywhere any -> 0:1023
> REJECT udp ------ anywhere anywhere any -> nfs
> REJECT tcp -y---- anywhere anywhere any -> x11:6009
> REJECT tcp -y---- anywhere anywhere any -> xfs
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
>
> Thanks
> Eric
>
>
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
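Added example, not part of either message: a first-match evaluator for the quoted /etc/sysconfig/ipchains rules, showing what the firewall itself decides for new TCP connections to SMTP (25), POP3 (110) and IMAP (143). It assumes eth0 is the outside interface (the rules only name lo and eth1) and ignores addresses because every rule uses 0/0; `parse` and `verdict` are names made up for this example.

```python
# Added example (parse/verdict are illustrative names). RULES is constructed from the rules quoted above.
RULES = """\
:input ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
"""

def parse(text):
    """Return ({chain: policy}, [rule, ...]); addresses are ignored (all 0/0 here)."""
    policy, rules = {}, []
    for tok in map(str.split, text.splitlines()):
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0].startswith(":"):              # ":input ACCEPT" is a chain policy
            policy[tok[0][1:]] = tok[1]
            continue
        r = {"chain": tok[1], "-p": None, "-i": None, "-j": None,
             "ports": None, "syn": "-y" in tok}
        for i, t in enumerate(tok):
            if t in ("-p", "-i", "-j"):
                r[t] = tok[i + 1]
            elif t == "-d" and i + 2 < len(tok) and not tok[i + 2].startswith("-"):
                lo, _, hi = tok[i + 2].partition(":")   # "25" or "0:1023"
                r["ports"] = (int(lo), int(hi or lo))
        rules.append(r)
    return policy, rules

def verdict(policy, rules, proto, dport, iface, syn=True, chain="input"):
    """First matching rule decides; otherwise the chain policy applies."""
    for r in rules:
        if (r["chain"] == chain and r["-p"] in (None, proto)
                and r["-i"] in (None, iface) and (syn or not r["syn"])
                and (r["ports"] is None or r["ports"][0] <= dport <= r["ports"][1])):
            return r["-j"]
    return policy[chain]

policy, rules = parse(RULES)
for port in (25, 110, 143):   # SMTP, POP3, IMAP arriving on eth0 (assumed outside interface)
    print(port, verdict(policy, rules, "tcp", port, "eth0"))
```

These rules accept a new connection to port 25, so a refusal there is not caused by this rule set. POP3 and IMAP connections arriving on the assumed eth0 fall through to the 0:1023 REJECT rule, while the same ports are accepted on lo and eth1.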