* mails not going thru'
@ 2005-05-07  5:14 varun_saa
  2005-05-07  6:15 ` Taylor, Grant
  2005-05-07 14:47 ` Jason Opperisano
  0 siblings, 2 replies; 18+ messages in thread
From: varun_saa @ 2005-05-07  5:14 UTC (permalink / raw)
  To: netfilter

Hello,
     My server is on Mandriva 10.1
eth0 is WAN with static IP connected to 512K DSL
eth1 is LAN - 192.168.0.0/24 and 192.168.21.0/24

My rules are as follows :

# Generated by iptables-save v1.2.9 on Fri Jan  7 20:56:35 2000
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Jan  7 20:56:35 2000
# Generated by iptables-save v1.2.9 on Fri Jan  7 20:56:35 2000
*mangle
:PREROUTING ACCEPT [1024:195745]
:INPUT ACCEPT [1019:194076]
:FORWARD ACCEPT [2:144]
:OUTPUT ACCEPT [1000:192114]
:POSTROUTING ACCEPT [999:192086]
COMMIT
# Completed on Fri Jan  7 20:56:35 2000
# Generated by iptables-save v1.2.9 on Fri Jan  7 20:56:35 2000
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
-A INPUT -s 62.0.0.0/255.0.0.0 -i eth0 -j REJECT
-A INPUT -p tcp -m tcp -s 217.81.0.0/255.255.0.0 -i eth0 -j REJECT
-A INPUT -i eth0 -j DROP
-A INPUT -p tcp -m tcp -i eth1 --sport 80 -j DROP
-A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT  --syn 
-A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT  --syn 
-A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT  --syn 
-A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT  --syn 
-A OUTPUT -p udp --dport 53 --sport 1024: -j ACCEPT
COMMIT
# Completed on Fri Jan  7 20:56:35 2000

Now one problem got solved after changing
but another has started because of that.

-A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT

Originally sport was set to : --sport 80 
I changed to : --sport 1024:65535 

after corrections from Jason.

Now I think my mails are not going through
which I think is because " 1024 ".
Please correct me if I am wrong.

The squid part makes me happy but not the 
mail part.

What corrections need to be made.

Thanks in advance

Varun





^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-07  5:14 mails not going thru' varun_saa
@ 2005-05-07  6:15 ` Taylor, Grant
  2005-05-07 14:47 ` Jason Opperisano
  1 sibling, 0 replies; 18+ messages in thread
From: Taylor, Grant @ 2005-05-07  6:15 UTC (permalink / raw)
  To: netfilter

> Now I think my mail are not going through
> which I think is because " 1024 ".
> Please correct me if I am wrong.
> 
> The squid part makes me happy but not the 
> mail part.

What system are you trying to connect to when you are sending email?



Grant. . . .


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-07  7:12 varun_saa
  2005-05-07  7:21 ` Taylor, Grant
  0 siblings, 1 reply; 18+ messages in thread
From: varun_saa @ 2005-05-07  7:12 UTC (permalink / raw)
  To: Taylor, Grant; +Cc: netfilter



----- Original Message -----
From: "Taylor, Grant" <gtaylor@riverviewtech.net>
Date: Saturday, May 7, 2005 11:45 am
Subject: Re: mails not going thru'

> > Now I think my mail are not going through
> > which I think is because " 1024 ".
> > Please correct me if I am wrong.
> > 
> > The squid part makes me happy but not the 
> > mail part.
> 
> What system are you trying to connect to when you are sending email?
> 
> 
> 
> Grant. . . .
> 

What I meant was that clients are not
able to send or receive mails. Which was working.

Varun



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-07  7:12 varun_saa
@ 2005-05-07  7:21 ` Taylor, Grant
  0 siblings, 0 replies; 18+ messages in thread
From: Taylor, Grant @ 2005-05-07  7:21 UTC (permalink / raw)
  To: netfilter

>What I meant was that clients are not
> able send or recieve mails. Which was working.

What I'm asking is what server are your clients trying to connect to?  Are you trying to send email via your firewall or some other email server on the internet?



Grant. . . .


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-07  9:09 varun_saa
  2005-05-09  6:07 ` Taylor, Grant
  0 siblings, 1 reply; 18+ messages in thread
From: varun_saa @ 2005-05-07  9:09 UTC (permalink / raw)
  To: Taylor, Grant; +Cc: netfilter



----- Original Message -----
From: "Taylor, Grant" <gtaylor@riverviewtech.net>
Date: Saturday, May 7, 2005 12:51 pm
Subject: Re: mails not going thru'

> >What I meant was that clients are not
> > able send or recieve mails. Which was working.
> 
> What I'm asking is what server are your client's trying to connect 
> to?  Are you trying to send email via your firewall or some other 
> email server on the internet?
> 
> 
> 
> Grant. . . .
> 

The server for which this iptables is being
written.

Client connected to the Mandrake 10.1 server.
With eth0 as WAN and eth1 as LAN.

I am not running any mail server.
client send/receive thru' firewall
based iptables that is being discussed.

Varun



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-07  5:14 mails not going thru' varun_saa
  2005-05-07  6:15 ` Taylor, Grant
@ 2005-05-07 14:47 ` Jason Opperisano
  1 sibling, 0 replies; 18+ messages in thread
From: Jason Opperisano @ 2005-05-07 14:47 UTC (permalink / raw)
  To: netfilter

On Sat, May 07, 2005 at 10:14:49AM +0500, varun_saa@vsnl.net wrote:
> *filter
> :FORWARD ACCEPT [0:0]
> :INPUT DROP [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -s 127.0.0.1 -j ACCEPT
> -A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> -A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> -A INPUT -s 62.0.0.0/255.0.0.0 -i eth0 -j REJECT
> -A INPUT -p tcp -m tcp -s 217.81.0.0/255.255.0.0 -i eth0 -j REJECT
> -A INPUT -i eth0 -j DROP
> -A INPUT -p tcp -m tcp -i eth1 --sport 80 -j DROP
> -A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT  --syn 
> -A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT  --syn 
> -A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT  --syn 
> -A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT  --syn 

the policy of your FORWARD chain is set to ACCEPT, so even if there's
traffic you haven't accounted for in these rules--it will still be
allowed through.  you have a rule that allows SMTP (TCP 25) out--so i
bet if you type:

  telnet 64.233.185.27 25

which is the IP of gmail's preferred MX, you'd get connected.  if your
FORWARD policy was DROP, i'd say that the reason you can't send mail from
a client machine is because you have no rule allowing DNS traffic out:

  -A FORWARD -i eth1 -o eth0 -p udp --sport 1024: --dport 53 -j ACCEPT
  -A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: --dport 53 \
     -j ACCEPT

but since those packets will be accepted by the chain policy, my only
guess is that you do not have any valid DNS servers configured on your
client machines--on a *nix box:

  cat /etc/resolv.conf

-j

--
"Richie: Mom, uh, I really like Potsy.
 Mrs. Cunningham: Well, Potsy's a nice boy, dear. Why shouldn't you
 like him?
 Richie: No, I mean... I REALLY like Potsy.
 Mr. Cunningham: We heard you the first time, son, you've got a
 homosexual attraction to Potsy."
        --Family Guy


^ permalink raw reply	[flat|nested] 18+ messages in thread
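
An added example, not part of the original thread: a simplified first-match evaluator in Python that runs the FORWARD rules quoted above against two constructed packets from a LAN client, showing that an outbound DNS query matches no rule and is therefore decided by the chain policy. The packet fields, function names and the joined form of the two DNS rules are assumptions for illustration; real netfilter matching has more criteria than are modeled here.

```python
import shlex

# FORWARD rules copied from the *filter table quoted in the thread.
FORWARD_RULES = """\
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT --syn
"""

# The two DNS rules suggested in the reply, with the "\" continuation joined.
DNS_RULES = """\
-A FORWARD -i eth1 -o eth0 -p udp --sport 1024: --dport 53 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: --dport 53 -j ACCEPT
"""

# Options this simplified model understands, mapped to rule fields.
OPTS = {"-A": "chain", "-p": "proto", "-i": "in", "-o": "out", "-m": "module",
        "--sport": "sport", "--dport": "dport", "--state": "state", "-j": "target"}


def parse_rule(line):
    """Turn one iptables-save rule line into a dict of match fields."""
    tokens = shlex.split(line)
    rule = {"syn": False}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "--syn":              # flag without an argument
            rule["syn"] = True
            i += 1
        elif tok in OPTS:
            rule[OPTS[tok]] = tokens[i + 1]
            i += 2
        else:
            raise ValueError(f"unsupported token {tok!r}")
    return rule


def port_ok(spec, port):
    """Match a port against '25', '1024:' or '1024:65535' style specs."""
    if spec is None:
        return True
    if ":" not in spec:
        return int(spec) == port
    lo, _, hi = spec.partition(":")
    return int(lo or 0) <= port <= int(hi or 65535)


def matches(rule, pkt):
    """True when every criterion present in the rule matches the packet."""
    for key in ("proto", "in", "out"):
        if key in rule and rule[key] != pkt[key]:
            return False
    if not port_ok(rule.get("sport"), pkt["sport"]):
        return False
    if not port_ok(rule.get("dport"), pkt["dport"]):
        return False
    if "state" in rule and pkt["state"] not in rule["state"].split(","):
        return False
    if rule["syn"] and not pkt["syn"]:
        return False
    return True


def verdict(rules_text, policy, pkt):
    """First matching rule decides; otherwise the chain policy applies."""
    for n, line in enumerate(rules_text.strip().splitlines(), 1):
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["target"], f"rule {n}"
    return policy, "chain policy"


# Constructed packets: first packet of a new connection from a LAN client.
SMTP_SYN = {"proto": "tcp", "in": "eth1", "out": "eth0",
            "sport": 40000, "dport": 25, "state": "NEW", "syn": True}
DNS_QUERY = {"proto": "udp", "in": "eth1", "out": "eth0",
             "sport": 40000, "dport": 53, "state": "NEW", "syn": False}

if __name__ == "__main__":
    print("SMTP, policy ACCEPT:", verdict(FORWARD_RULES, "ACCEPT", SMTP_SYN))
    print("DNS,  policy ACCEPT:", verdict(FORWARD_RULES, "ACCEPT", DNS_QUERY))
    print("DNS,  policy DROP:  ", verdict(FORWARD_RULES, "DROP", DNS_QUERY))
    print("DNS,  DROP + rules: ",
          verdict(FORWARD_RULES + DNS_RULES, "DROP", DNS_QUERY))
```
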

* Re: mails not going thru'
@ 2005-05-07 16:03 varun_saa
  0 siblings, 0 replies; 18+ messages in thread
From: varun_saa @ 2005-05-07 16:03 UTC (permalink / raw)
  To: Jason Opperisano; +Cc: netfilter



----- Original Message -----
From: Jason Opperisano <opie@817west.com>
Date: Saturday, May 7, 2005 8:17 pm
Subject: Re: mails not going thru'

> On Sat, May 07, 2005 at 10:14:49AM +0500, varun_saa@vsnl.net wrote:
> > *filter
> > :FORWARD ACCEPT [0:0]
> > :INPUT DROP [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A INPUT -s 127.0.0.1 -j ACCEPT
> > -A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> > -A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> > -A INPUT -s 62.0.0.0/255.0.0.0 -i eth0 -j REJECT
> > -A INPUT -p tcp -m tcp -s 217.81.0.0/255.255.0.0 -i eth0 -j REJECT
> > -A INPUT -i eth0 -j DROP
> > -A INPUT -p tcp -m tcp -i eth1 --sport 80 -j DROP
> > -A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
> > -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT  --syn
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT  --syn
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT  --syn
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT  --syn
> 
> the policy of your FORWARD chain is set to ACCEPT, so even if there's
> traffic you haven't accounted for in these rules--it will still be
> allowed through.  you have a rule that allows SMTP (TCP 25) out--so i
> bet if you type:
> 
>  telnet 64.233.185.27 25
> 
> which is the IP of gmail's preferred MX, you'd get connected.  if you're
> FORWARD policy was DROP, i'd say that the reason you can't send mail from
> a client machine is because you have no rule allowing DNS traffic out:
> 
>  -A FORWARD -i eth1 -o eth0 -p udp --sport 1024: --dport 53 -j ACCEPT
>  -A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: --dport 53 \
>     -j ACCEPT
> 
> but since those packets will be accepted by the chain policy, my only
> guess is that you do not have any valid DNS servers configured on your
> client machines--on a *nix box:
> 
>  cat /etc/resolv.conf
> 
> -j
> 
> --
> "Richie: Mom, uh, I really like Potsy.
> Mrs. Cunningham: Well, Potsy's a nice boy, dear. Why shouldn't you
> like him?
> Richie: No, I mean... I REALLY like Potsy.
> Mr. Cunningham: We heard you the first time, son, you've got a
> homosexual attraction to Potsy."
>        --Family Guy
> 

Thanks a lot.
Sorry for the resend. I keep forgetting
to check the reply addresses.

Varun



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-09  3:53 varun_saa
  2005-05-09 14:34 ` Jason Opperisano
  0 siblings, 1 reply; 18+ messages in thread
From: varun_saa @ 2005-05-09  3:53 UTC (permalink / raw)
  To: Jason Opperisano; +Cc: netfilter



----- Original Message -----
From: Jason Opperisano <opie@817west.com>
Date: Saturday, May 7, 2005 8:17 pm
Subject: Re: mails not going thru'

> On Sat, May 07, 2005 at 10:14:49AM +0500, varun_saa@vsnl.net wrote:
> > *filter
> > :FORWARD ACCEPT [0:0]
> > :INPUT DROP [0:0]
> > :OUTPUT ACCEPT [0:0]
> > -A INPUT -s 127.0.0.1 -j ACCEPT
> > -A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> > -A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> > -A INPUT -s 62.0.0.0/255.0.0.0 -i eth0 -j REJECT
> > -A INPUT -p tcp -m tcp -s 217.81.0.0/255.255.0.0 -i eth0 -j REJECT
> > -A INPUT -i eth0 -j DROP
> > -A INPUT -p tcp -m tcp -i eth1 --sport 80 -j DROP
> > -A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
> > -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT  --syn
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT  --syn
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT  --syn
> > -A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT  --syn
> 
> the policy of your FORWARD chain is set to ACCEPT, so even if there's
> traffic you haven't accounted for in these rules--it will still be
> allowed through.  you have a rule that allows SMTP (TCP 25) out--so i
> bet if you type:
> 
>  telnet 64.233.185.27 25

[varun@saamail varun]$ telnet 64.233.185.27 25
Trying 64.233.185.27...

No response
> 
> which is the IP of gmail's preferred MX, you'd get connected.  if you're
> FORWARD policy was DROP, i'd say that the reason you can't send mail from
> a client machine is because you have no rule allowing DNS traffic out:
> 
>  -A FORWARD -i eth1 -o eth0 -p udp --sport 1024: --dport 53 -j ACCEPT
>  -A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: --dport 53 \
>     -j ACCEPT
> 
> but since those packets will be accepted by the chain policy, my only
> guess is that you do not have any valid DNS servers configured on your
> client machines--on a *nix box:
> 
>  cat /etc/resolv.conf

[varun@saamail varun]$ cat /etc/resolv.conf
search saice.edu
nameserver 203.145.184.13

# ppp temp entry

> 
> -j
> 

Strange, I can browse but I can't ping ISP gateway
and ISP DNS.

I can ping ISP gateway and ISP DNS from server.


Varun



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-09  6:01 varun_saa
  0 siblings, 0 replies; 18+ messages in thread
From: varun_saa @ 2005-05-09  6:01 UTC (permalink / raw)
  To: netfilter



----- Original Message -----
From: varun_saa@vsnl.net
Date: Monday, May 9, 2005 9:23 am
Subject: Re: mails not going thru'

> 
> 
> ----- Original Message -----
> From: Jason Opperisano <opie@817west.com>
> Date: Saturday, May 7, 2005 8:17 pm
> Subject: Re: mails not going thru'
> 
> > On Sat, May 07, 2005 at 10:14:49AM +0500, varun_saa@vsnl.net wrote:
> > > *filter
> > > :FORWARD ACCEPT [0:0]
> > > :INPUT DROP [0:0]
> > > :OUTPUT ACCEPT [0:0]
> > > -A INPUT -s 127.0.0.1 -j ACCEPT
> > > -A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> > > -A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
> > > -A INPUT -s 62.0.0.0/255.0.0.0 -i eth0 -j REJECT
> > > -A INPUT -p tcp -m tcp -s 217.81.0.0/255.255.0.0 -i eth0 -j REJECT
> > > -A INPUT -i eth0 -j DROP
> > > -A INPUT -p tcp -m tcp -i eth1 --sport 80 -j DROP
> > > -A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
> > > -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> > > -A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT  --syn
> > > -A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT  --syn
> > > -A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT  --syn
> > > -A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT  --syn
> > 
> > the policy of your FORWARD chain is set to ACCEPT, so even if there's
> > traffic you haven't accounted for in these rules--it will still be
> > allowed through.  you have a rule that allows SMTP (TCP 25) out--so i
> > bet if you type:
> > 
> >  telnet 64.233.185.27 25
> 
> [varun@saamail varun]$ telnet 64.233.185.27 25
> Trying 64.233.185.27...
> 
> No response
> > 
> > which is the IP of gmail's preferred MX, you'd get connected.  if you're
> > FORWARD policy was DROP, i'd say that the reason you can't send mail from
> > a client machine is because you have no rule allowing DNS traffic out:
> > 
> >  -A FORWARD -i eth1 -o eth0 -p udp --sport 1024: --dport 53 -j ACCEPT
> >  -A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: --dport 53 \
> >     -j ACCEPT
> > 
> > but since those packets will be accepted by the chain policy, my only
> > guess is that you do not have any valid DNS servers configured on your
> > client machines--on a *nix box:
> > 
> >  cat /etc/resolv.conf
> 
> [varun@saamail varun]$ cat /etc/resolv.conf
> search saice.edu
> nameserver 203.145.184.13
> 
> # ppp temp entry
> 
> > 
> > -j
> > 
> 
> Strange, I can browse but I can't ping ISP gateway
> and ISP DNS.
> 
> I can ping ISP gateway and ISP DNS from server.
> 
> 
> Varun
> 
> 

watch -d iptables -nvL -> gives the following


 Every 2.0s: iptables -nvL                                                                       Mon May  9 11:36:33 2005

Chain INPUT (policy ACCEPT 25339 packets, 3067K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 289 packets, 20494 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 7895 packets, 1313K bytes)
 pkts bytes target     prot opt in     out     source               destination


If that helps.

Varun




^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-07  9:09 varun_saa
@ 2005-05-09  6:07 ` Taylor, Grant
  0 siblings, 0 replies; 18+ messages in thread
From: Taylor, Grant @ 2005-05-09  6:07 UTC (permalink / raw)
  To: netfilter

> The server for which this iptables is being 
> written. 
> 
> Client connected to the Mandrake 10.1 server.
> With eth0 as WAN and eth1 as LAN.
> 
> I am not running any mail server.
> client send/recieve thru' firewall
> based iptables that is being discussed.

Are you trying to configure your email clients on your local LAN to send email out via the internal IP address of your firewall (that is not running any email itself) via redirecting inbound TCP connections to port 25 / 587 to a mail server somewhere on the internet?  If that is the case you will need to set up a DNAT rule that points to the mail server that you want to send email with.

Other than that I can't see anything that would be preventing your email from functioning.



Grant. . . .


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-09  6:13 varun_saa
  2005-05-09  6:19 ` Taylor, Grant
  0 siblings, 1 reply; 18+ messages in thread
From: varun_saa @ 2005-05-09  6:13 UTC (permalink / raw)
  To: Taylor, Grant; +Cc: netfilter



----- Original Message -----
From: "Taylor, Grant" <gtaylor@riverviewtech.net>
Date: Monday, May 9, 2005 11:37 am
Subject: Re: mails not going thru'

> > The server for which this iptables is being 
> > written. 
> > 
> > Client connected to the Mandrake 10.1 server.
> > With eth0 as WAN and eth1 as LAN.
> > 
> > I am not running any mail server.
> > client send/recieve thru' firewall
> > based iptables that is being discussed.
> 
> If you are trying to configure your email clients on your local LAN 
> to send email out via the internal IP address of your firewall 
> (that is not running any email it's self) via redirecting inbound 
> TCP connections to port 25 / 587 to a mail server somewhere on the 
> internet?  If that is the case you will need to set up a DNAT rule 
> that points to the mail server that you want to send email with.
> 
> Other than that I can't see any thing that would be preventing your 
> email from functioning.
> 
> 
> 
> Grant. . . .
> 

Well my server is on Mandrake10.1
with eth0 as WAN with static IP
eth1 as LAN 192.168.0.xxx.

Clients connect to eth1 of the server.

I hope this helps

Varun



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-09  6:13 varun_saa
@ 2005-05-09  6:19 ` Taylor, Grant
  0 siblings, 0 replies; 18+ messages in thread
From: Taylor, Grant @ 2005-05-09  6:19 UTC (permalink / raw)
  To: netfilter

> Well my server in on Mandrake10.1
> with eth0 as WAN with static IP
> eth1 as LAN 192.168.0.xxx.
> 
> Clients connect to eth1 of the server.
> 
> I hope this help

Yes this does help.

Try setting up a DNAT rule that will take any port 25 (SMTP) connections received on eth1 from your LAN and DNAT them to an SMTP server on the net that will relay for your network.  You would do this with something along the following lines:

iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 -d $IP_Address_of_Firewall -p tcp --dport 25 -j DNAT --to-destination $IP_Address_of_SMTP_server

This should take any port 25 traffic (SMTP) that is inbound to your server and redirect it to an SMTP server on the net.



Grant. . . .


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-09  3:53 varun_saa
@ 2005-05-09 14:34 ` Jason Opperisano
  0 siblings, 0 replies; 18+ messages in thread
From: Jason Opperisano @ 2005-05-09 14:34 UTC (permalink / raw)
  To: netfilter

On Mon, May 09, 2005 at 08:53:33AM +0500, varun_saa@vsnl.net wrote:
> [varun@saamail varun]$ telnet 64.233.185.27 25
> Trying 64.233.185.27...
> 
> No response

try that from the firewall itself.  if it still doesn't work, i would
propose that your ISP blocks TCP port 25 traffic from customer IPs from
leaving its network (mindspring used to do this, dunno if earthlink
continued the trend as i dropped them after they refused to rethink
their policy).

-j

--
"Peter: I'm looking for some toilet training books.
 Salesman: We have the popular 'everybody poops", or the less popular
 'nobody poops but you'. 
 Peter: Well, you see, we're catholic...
 Salesman: Ah, then you'll want 'you're a naughty, naughty boy, and
 that's concentrated evil coming out the back of you'."
        --Family Guy


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-12 11:50 varun_saa
  2005-05-12 12:38 ` Jason Opperisano
  0 siblings, 1 reply; 18+ messages in thread
From: varun_saa @ 2005-05-12 11:50 UTC (permalink / raw)
  To: Jason Opperisano; +Cc: netfilter



----- Original Message -----
From: Jason Opperisano <opie@817west.com>
Date: Monday, May 9, 2005 8:04 pm
Subject: Re: mails not going thru'

> On Mon, May 09, 2005 at 08:53:33AM +0500, varun_saa@vsnl.net wrote:
> > [varun@saamail varun]$ telnet 64.233.185.27 25
> > Trying 64.233.185.27...
> > 
> > No response
> 
> try that from the firewall itself.  if it still doesn't work, i would
> propose that your ISP blocks TCP port 25 traffic from customer IP's from
> leaving it's network (mindspring used to do this, dunno if earthlink
> continued the trend as i dropped them after they refused to rethink
> their policy).
> 
> -j
> 
From the server

root@saaserver root]#  telnet 64.233.185.27 25
Trying 64.233.185.27...
Connected to 64.233.185.27.
Escape character is '^]'.
220 mx.gmail.com ESMTP 6si352981wrl
quit
221 2.0.0 mx.gmail.com closing connection
Connection closed by foreign host.

Sorry for the delay in replying.
Just got stuck with other issues.


Varun



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-12 11:50 varun_saa
@ 2005-05-12 12:38 ` Jason Opperisano
  2005-05-12 13:47   ` Jason Opperisano
  0 siblings, 1 reply; 18+ messages in thread
From: Jason Opperisano @ 2005-05-12 12:38 UTC (permalink / raw)
  To: netfilter

On Thu, May 12, 2005 at 04:50:28PM +0500, varun_saa@vsnl.net wrote:
> root@saaserver root]#  telnet 64.233.185.27 25
> Trying 64.233.185.27...
> Connected to 64.233.185.27.
> Escape character is '^]'.
> 220 mx.gmail.com ESMTP 6si352981wrl
> quit
> 221 2.0.0 mx.gmail.com closing connection
> Connection closed by foreign host.
> 
> Sorry for the delay in replying.
> Just got stuck with other issues.

and the internal IP address of saaserver is the default gateway of the
internal client machines?

-j

--
"Stewie: Forecast for tomorrow; A few sprinkles of genius with a chance
 of doom."
        --Family Guy


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
  2005-05-12 12:38 ` Jason Opperisano
@ 2005-05-12 13:47   ` Jason Opperisano
  0 siblings, 0 replies; 18+ messages in thread
From: Jason Opperisano @ 2005-05-12 13:47 UTC (permalink / raw)
  To: netfilter

On Thu, May 12, 2005 at 08:38:15AM -0400, Jason Opperisano wrote:
> On Thu, May 12, 2005 at 04:50:28PM +0500, varun_saa@vsnl.net wrote:
> > root@saaserver root]#  telnet 64.233.185.27 25
> > Trying 64.233.185.27...
> > Connected to 64.233.185.27.
> > Escape character is '^]'.
> > 220 mx.gmail.com ESMTP 6si352981wrl
> > quit
> > 221 2.0.0 mx.gmail.com closing connection
> > Connection closed by foreign host.
> > 
> > Sorry for the delay in replying.
> > Just got stuck with other issues.
> 
> and the internal IP address of saaserver is the default gateway of the
> internal client machines?

had a stupid thought:  you *have* enabled IP Forwarding on saaserver,
right?

  sysctl net.ipv4.ip_forward

should report:

  net.ipv4.ip_forward = 1

if not, set it:

  sysctl -w net.ipv4.ip_forward=1

-j

--
"Contestant: I'll take the dying boy to block.
 Tom Bergeron: Ok, Jeremy... is there anything lower than absolute
 zero?
 Jeremy: Uhh, yeah... my white cell count."
        --Family Guy


^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-12 15:05 varun_saa
  0 siblings, 0 replies; 18+ messages in thread
From: varun_saa @ 2005-05-12 15:05 UTC (permalink / raw)
  To: Jason Opperisano; +Cc: netfilter

  
  
----- Original Message -----  
From: Jason Opperisano <opie@817west.com>  
Date: Thursday, May 12, 2005 6:08 pm  
Subject: Re: mails not going thru'  
  
> On Thu, May 12, 2005 at 04:50:28PM +0500, varun_saa@vsnl.net wrote:  
> > root@saaserver root]#  telnet 64.233.185.27 25  
> > Trying 64.233.185.27...  
> > Connected to 64.233.185.27.  
> > Escape character is '^]'.  
> > 220 mx.gmail.com ESMTP 6si352981wrl  
> > quit  
> > 221 2.0.0 mx.gmail.com closing connection  
> > Connection closed by foreign host.  
> >   
> > Sorry for the delay in replying.  
> > Just got stuck with other issues.  
>   
> and the internal IP address of saaserver is the default gateway of the  
> internal client machines?  
 
Yes, that is correct 
 
Varun 
>   
> -j  
>   
> --  
> "Stewie: Forecast for tomorrow; A few sprinkles of genius with a   
> chance of doom."  
>        --Family Guy  
>   
>   



^ permalink raw reply	[flat|nested] 18+ messages in thread

* Re: mails not going thru'
@ 2005-05-12 15:06 varun_saa
  0 siblings, 0 replies; 18+ messages in thread
From: varun_saa @ 2005-05-12 15:06 UTC (permalink / raw)
  To: Jason Opperisano; +Cc: netfilter

 
 
----- Original Message ----- 
From: Jason Opperisano <opie@817west.com> 
Date: Thursday, May 12, 2005 7:17 pm 
Subject: Re: mails not going thru' 
 
> On Thu, May 12, 2005 at 08:38:15AM -0400, Jason Opperisano wrote: 
> > On Thu, May 12, 2005 at 04:50:28PM +0500, varun_saa@vsnl.net wrote: 
> > > root@saaserver root]#  telnet 64.233.185.27 25 
> > > Trying 64.233.185.27... 
> > > Connected to 64.233.185.27. 
> > > Escape character is '^]'. 
> > > 220 mx.gmail.com ESMTP 6si352981wrl 
> > > quit 
> > > 221 2.0.0 mx.gmail.com closing connection 
> > > Connection closed by foreign host. 
> > >  
> > > Sorry for the delay in replying. 
> > > Just got stuck with other issues. 
> >  
> > and the internal IP address of saaserver is the default gateway of the
> > internal client machines?
>  
> had a stupid thought:  you *have* enabled IP Forwarding on saaserver, 
> right? 
 
Yes I have. 
 
Varun 
>  
>  sysctl net.ipv4.ip_forward 
>  
> should report: 
>  
>  net.ipv4.ip_forward = 1 
>  
> if not, set it: 
>  
>  sysctl -w net.ipv4.ip_forward=1 
>  
> -j 
>  
> -- 
> "Contestant: I'll take the dying boy to block. 
> Tom Bergeron: Ok, Jeremy... is there anything lower than absolute 
> zero? 
> Jeremy: Uhh, yeah... my white cell count." 
>        --Family Guy 
>  
>  



^ permalink raw reply	[flat|nested] 18+ messages in thread
