From: Mark Tessier <mt@open2web.com>
To: netfilter@lists.samba.org
Subject: debugging iptables
Date: Mon, 17 Jun 2002 16:59:03 -0400
Message-ID: <20020617165903.4b7ac76a.mt@open2web.com>

I've set up a small network with 2 subnets: LAN and DMZ. The LAN and DMZ are
connected by a rh7.1 running an iptables choke firewall. The rc.firewall
script is based on Ziegler's chpt 6 choke firewall script. When I run the
rc.firewall script I get several errors that I'm hoping someone can help me
with. Here's a look at those errors:

iptables v1.2.1a: host/network `smtpx.xxxx.xx' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.1a: host/network `smtpx.xxxx.xx' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.1a: host/network `mail.yyyy.com' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.1a: host/network `mail.yyyy.com' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.1a: host/network `news.cis.dfn.de' not found
Try `iptables -h' or 'iptables --help' for more information.
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `1024:65535'

Here's the section that some of these errors refer to:

# Sending Mail to the Mail Gateway Server (TCP Port 25)

iptables -A FORWARD -i $LAN_INTERFACE -o $DMZ_INTERFACE -p tcp \
    -s $LAN_ADDRESSES --sport $UNPRIVPORTS \
    -d $SMTP_SERVER --dport 25 \
    -m state --state NEW -j ACCEPT

iptables -A OUTPUT -o $DMZ_INTERFACE -p tcp \
    -s $DMZ_IPADDR --sport $UNPRIVPORTS \
    -d $SMTP_SERVER --dport 25 \
    -m state --state NEW -j ACCEPT

###############################################################
# Retrieving Mail as a POP Client (TCP Port 110)

iptables -A FORWARD -i $LAN_INTERFACE -o $DMZ_INTERFACE -p tcp \
    -s $LAN_ADDRESSES --sport $UNPRIVPORTS \
    -d $POP_SERVER --dport 110 \
    -m state --state NEW -j ACCEPT

iptables -A OUTPUT -o $DMZ_INTERFACE -p tcp \
    -s $DMZ_IPADDR --sport $UNPRIVPORTS \
    -d $POP_SERVER --dport 110 \
    -m state --state NEW -j ACCEPT

I'm not sure why the script causes these error messages, while others like accessing an HTTP server don't produce any error messages. DNS rules are prior to these rules.
--
Thanks,
Mark
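
Added example, not part of the original message or of the rc.firewall script it quotes: a pre-flight check over the variables the rules above use, run before any rule is loaded. iptables resolves a hostname given to -s or -d through DNS at the moment the rule is added (the "host/network not found" message is that lookup failing), and an unset variable drops out of an unquoted command line. The function names and the sample values are assumptions.

```shell
# Added example: pre-flight check for rc.firewall variables (helper names are hypothetical).

# True if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix length
# (dotted netmasks, which iptables also accepts, are not handled here).
is_ipv4_net() {
    addr=${1%%/*}
    case $1 in
        */*) p=${1#*/}
             case $p in ''|*[!0-9]*) return 1 ;; esac
             [ ${#p} -le 2 ] && [ "$p" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# True if $1 is PORT or LOW:HIGH within 0-65535 (open-ended ranges are rejected).
is_port_range() {
    lo=${1%%:*}; hi=${1##*:}
    case $1 in *:*:*) return 1 ;; esac
    for n in "$lo" "$hi"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
        [ ${#n} -le 5 ] && [ "$n" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# Reports each problem on stderr; the exit status is the number of problems.
preflight() {
    bad=0
    for name in LAN_ADDRESSES DMZ_IPADDR SMTP_SERVER POP_SERVER; do
        eval "val=\${$name-}"
        if [ -z "$val" ]; then
            echo "$name is empty: unquoted, it vanishes from the command line" >&2
        elif ! is_ipv4_net "$val"; then
            echo "$name='$val' is not a literal address: needs DNS at load time" >&2
        else continue; fi
        bad=$((bad + 1))
    done
    is_port_range "${UNPRIVPORTS-}" || { echo "UNPRIVPORTS is not LOW:HIGH" >&2; bad=$((bad + 1)); }
    return "$bad"
}
# Constructed sample values, not taken from the original script.
LAN_ADDRESSES=192.168.1.0/24; DMZ_IPADDR=192.168.2.1; UNPRIVPORTS=1024:65535
SMTP_SERVER=mail.example.invalid; POP_SERVER=
preflight || echo "$? problem(s) found; fix before loading rules"
```

With the sample values the check reports two problems: SMTP_SERVER is a hostname and POP_SERVER is empty.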