Re: Outgoing SMTP Mystery

["Michael Hudin" <hudin@zoetrope.com>]

That would be a good way to test.  Unfortunately I don't have telnet setup
on any machines that are external to the firewall and have qmail running.
When I went to port 25 using telnet, it did appear to authenticate me
through one of the usernames, but I may be mistaken since I'm not very
knowledgeable about telnet.

Omar, thanks for the offlist help with the port forwarding by the way.  This
has to be one of the useful and helpful groups of people out there.

-michael

----- Original Message -----
From: "Omar Castaneda Acosta" <omar@idea.com.mx>
To: "Michael Hudin" <hudin@zoetrope.com>
Sent: Wednesday, June 05, 2002 11:03 AM
Subject: RE: Outgoing SMTP Mystery


Well, if you can connect to port 25 from the someplace on the external
side of your firewall, then the port forwarding is working ok.
try manually (using telnet) sending an email thru a connection being
portfw'ed to your qmail server.

-----Original Message-----
From: Michael Hudin [mailto:hudin@zoetrope.com]
Sent: Wednesday, June 05, 2002 11:59 AM
To: netfilter@lists.samba.org
Subject: Re: Outgoing SMTP Mystery

Yeah, I was assuming that there were no default drop rules.  I'll make
sure
to implement those.

I did realize that my /etc/hosts file was still set to the old subnet.
I
corrected that, but it still is having the same problem.  The gateway on
the
mail machine is set correctly and remember that I can POP in and out and
SMTP out.  I just can't get SMTP in for some mind boggling reason.

-michael

----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Tuesday, June 04, 2002 4:46 PM
Subject: Re: Outgoing SMTP Mystery


> On Tuesday 04 June 2002 11:18 pm, Michael Hudin wrote:
>
> >  I've always assumed that the numbers in the brackets were port
allowances
>
> No, they're not (although I can't say what they are - I don't use
> iptables-save).   If you look at the numbers, many of them are larger
than
> 65535, so they're certainly not port numbers :-)
>
> > Here are my tables:
> >
> > *nat
> >
> > :PREROUTING ACCEPT [241:88600]
> > :POSTROUTING ACCEPT [0:9862]
> > :OUTPUT ACCEPT [68:4275]
> >
> > *mangle
> >
> > :PREROUTING ACCEPT [18365:3221456]
> > :INPUT ACCEPT [10886:760348]
> > :FORWARD ACCEPT [7269:2438049]
> > :OUTPUT ACCEPT [8009:752540]
> > :POSTROUTING ACCEPT [15177:3182145]
> >
> > *filter
> >
> > :INPUT ACCEPT [0:229546]
> > :FORWARD ACCEPT [363:1553786]
> > :OUTPUT ACCEPT [2:619341]
>
> I find this interesting - you have a default ACCEPT policy on all your
chains
> - specifically on FORWARD, and I cannot see any rules you have
included
which
> DROP or REJECT packets..... so is there really any filtering going on
in
your
> firewall, or is it in fact just an open router doing some network
address
> translation !?
>
> I know this doesn't exactly solve your problem, but I wonder if it
means
the
> problem isn't on your firewall ?
>
> Perhaps you could check the routing table on your SMTP server - what
does
it
> have for a default gateway address ?
>
>
> Antony.
>
>
>