mail server acces pb

mail server acces pb

[kmc]

i have a 2 machines network in workgroup. One LINUX connected to INTERNET through ADSL AND A LAPTOP/XP that can't access to my ISP mail server with message:
"can't find pop server's name pop.libertysurf.fr"
and then
"your mail server closed the connection

Could this be related to my netfilter? Here is my iptables definition:

#!/bin/sh
# /etc/network/if-pre-up.d/iptables-start.sh
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT   #kmc permet l'accès réseau local
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p igmp -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 631 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p udp --dport 139 -j ACCEPT
iptables -A INPUT -p udp --dport 177 -j ACCEPT
iptables -A INPUT -p tcp --dport 6001 -j ACCEPT
iptables -A INPUT -p udp --dport 1234 -j ACCEPT
iptables -A INPUT -p udp -d 224.2.127.254 --dport 9875 -j ACCEPT
iptables -A INPUT -j REJECT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -o eth1 --clamp-mss-to-pmtu
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.5:80

Thanks for help
 



******ADSL Tiscali, le Haut débit au meilleur prix ******
Avec Tiscali, profitez de l'ADSL au meilleur prix partout en France !
Pour profiter de cette offre exceptionnelle, cliquez ici : http://register.tiscali.fr/adsl
Sous réserve d'éligibilité à l'ADSL.



******ADSL Tiscali, le Haut débit au meilleur prix ******
Avec Tiscali, profitez de l'ADSL au meilleur prix partout en France !
Pour profiter de cette offre exceptionnelle, cliquez ici : http://register.tiscali.fr/adsl
Sous réserve d'éligibilité à l'ADSL.

Re: mail server acces pb

[David Cannings]

On Thursday 22 April 2004 23:17, kmc@tiscali.fr wrote:
> i have a 2 machines network in workgroup. One LINUX connected to
> INTERNET through ADSL AND A LAPTOP/XP that can't access to my ISP mail
> server with message: "can't find pop server's name pop.libertysurf.fr"
> and then
> "your mail server closed the connection

From looking at your rules I do not see anything that would stop your 
Windows machine from accessing the Internet however I would check the 
following:

1) Can your Windows machine resolve the hostname for pop.libertysurf.fr?  
A good way to check would be to pull up a command line (Start->Run->"cmd" 
worked in 2000 and most likely will in XP too) and use the tool 
"nslookup".  `nslookup pop.libertysurf.fr` should show you.

2) Does your Windows machine access anything else as expected?  For 
example, can you web surf or use other Internet applications?

3) If no to 2 above, are your DNS settings in Windows correct?  I cannot 
say what they should be as I do not know who your ISP is but if your 
Linux machine works fine, use the same entry as in /etc/resolv.conf.

I would also note that having a default ACCEPT policy can be a bad thing.  
To satisfy the paranoid a default DENY policy with rules crafted inside 
to let only what you want through is the safest way to build your 
firewall.  One other note is that based on your ruleset, I have made the 
presumption that the Linux machine is acting as the gateway.

David