From: Joel Newkirk <netfilter@newkirk.us>
To: Administrador de Red <admin@gecyt.cu>, netfilter@lists.netfilter.org
Subject: Re: error with the Outlook Express and iptables with the nat and packet filtering
Date: Fri, 6 Dec 2002 20:19:47 -0500 [thread overview]
Message-ID: <200212062019.47710.netfilter@newkirk.us> (raw)
In-Reply-To: <web-160111@gecyt.cu>
On Thursday 05 December 2002 06:13 pm, Administrador de Red wrote:
> Hi friends, i has a big problem with the iptables and you
> rules, i want to doing a nat with the packet filtering but
> when i try access to my mail with the Outlokk Express I
> can't send and recived, the OE ask me a login and
> password, and show the following error
>
> There was a problem logging onto your mail server. Your
> Password was rejected. Account: 'mail.gecyt.cu', Server:
> 'mail.gecyt.cu', Protocol: POP3, Server Response: '-ERR
> your network does not have access to this account', Port:
> 110, Secure(SSL): No, Server Error: 0x800CCC90, Error
> Number: 0x800CCC92
>
> waht it is the problem someone can i help.
> thanks very mouch.
If the OE client receives this error then the communication through the
firewall/NAT is working properly, since it is able to get the request to
the server, and receive a reply from it. The actual text of the error
('your network does not have access to this account') makes me suspect a
cause. My suspicion is this (cheating, in that I looked at the rules in
your next post :^):
You DNAT the packets to forward them to the server. You SNAT them as
well, so that they return to your firewall for reverse handling. The IP
address of the firewall box (the one that the SNAT is putting in as the
source IP on the requests) is not recognized as part of the appropriate
IP range that the user account is expected to connect from, and the
server is refusing to allow it. Quite a few ISP's do this now on SMTP,
as an anti-spam measure, I've rarely seen it for POP3 though.
Is this an email server that you control? If so, or if you can influence
someone who can, check the configuration to see if it is restricted in
this manner. If it is, see if the restriction can be modified to
recognize the public IP that you use in your SNAT. If not, I'm not sure
what can be done. :^(
j
prev parent reply other threads:[~2002-12-07 1:19 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-12-05 23:13 error with the Outlook Express and iptables with the nat and packet filtering Administrador de Red
2002-12-07 1:19 ` Joel Newkirk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200212062019.47710.netfilter@newkirk.us \
--to=netfilter@newkirk.us \
--cc=admin@gecyt.cu \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.