How do I open port 25? Went with default install and can't seem to telnet to outside smtp server. Also nmap from outside shows 25 closed.
Jim Van Eeckhoutte wrote:
> How do I open port 25? Went with default install and can't seem to telnet to outside smtp server. Also nmap from outside shows 25 closed.

A default install doesn't give you anything. You need to configure your interfaces, policies, and rules at a minimum. Search the Shorewall web site for SMTP or port 25 and you should find everything you need.

Paul
http://paulgear.webhop.net
On Mon, 13 May 2002, Jim Van Eeckhoutte wrote:
> How do I open port 25? Went with default install and can't seem to telnet
> to outside smtp server. Also nmap from outside shows 25 closed.

Sigh.

You are having a problem connecting from INSIDE to OUTSIDE. nmap running OUTSIDE is telling you that the firewall is preventing connections from OUTSIDE to INSIDE.

If you need to open SMTP from OUTSIDE to INSIDE (which I doubt), the "how" depends on where your mail server is running. If it's running behind the firewall, you probably need a port forwarding rule for port 25; if it is running on the firewall itself, then you simply need a rule that allows TCP port 25 from the net to the firewall.

As to your original problem -- can you "telnet mail.shorewall.net 25" from behind your firewall?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Original problem: can you "telnet mail.shorewall.net 25" from
>behind your firewall?

no I cannot. But I noticed that when I use vpn (win2k behind firewall) to home router I can telnet.

---------- Original Message ----------------------------------
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 14 May 2002 06:32:32 -0700 (PDT)

>On Mon, 13 May 2002, Jim Van Eeckhoutte wrote:
>
>> How do I open port 25? Went with default install and can't seem to telnet
>> to outside smtp server. Also nmap from outside shows 25 closed.
>
>Sigh.
>
>You are having a problem connecting from INSIDE to OUTSIDE. nmap running
>OUTSIDE is telling you that the firewall is preventing connections from
>OUTSIDE to INSIDE.
>
>If you need to open SMTP from OUTSIDE to INSIDE (which I doubt), the "how"
>depends on where your mail server is running. If it's running behind the
>firewall, you probably need a port forwarding rule for port 25; if it is
>running on the firewall itself, then you simply need a rule that allows
>TCP port 25 from the net to the firewall.
>
>As to your original problem -- can you "telnet mail.shorewall.net 25" from
>behind your firewall?
>
>-Tom
On Tue, 14 May 2002, Jim Van Eeckhoutte wrote:
> Original problem: can you "telnet mail.shorewall.net 25" from
> >behind your firewall?
> no I cannot.
> But I noticed that when I use vpn (win2k behind firewall) to home router I can telnet.

So from this win2k system behind your firewall, you can't telnet to my firewall but when you connect that win2k system to a VPN server somewhere else, then you can connect?

-Tom
Yes Tom, that is correct.

---------- Original Message ----------------------------------
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 14 May 2002 09:03:57 -0700 (PDT)

>On Tue, 14 May 2002, Jim Van Eeckhoutte wrote:
>
>> Original problem: can you "telnet mail.shorewall.net 25" from
>> >behind your firewall?
>> no I cannot.
>> But I noticed that when I use vpn (win2k behind firewall) to home router I can telnet.
>
>So from this win2k system behind your firewall, you can't telnet to my
>firewall but when you connect that win2k system to a VPN server somewhere
>else, then you can connect?
>
>-Tom
On Tue, 14 May 2002, Jim Van Eeckhoutte wrote:
> yes Tom that is correct.

So what is the default gateway on this win2k box?

-Tom
Gateway is router which shorewall firewall (work). Router to which I am running at home with pptp tunnel is Mikrotik firewall router.

---------- Original Message ----------------------------------
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 14 May 2002 09:30:01 -0700 (PDT)

>On Tue, 14 May 2002, Jim Van Eeckhoutte wrote:
>
>> yes Tom that is correct.
>
>So what is the default gateway on this win2k box?
>
>-Tom
On Tue, 14 May 2002, Jim Van Eeckhoutte wrote:
> gateway is router which shorewall firewall (work). Router to which I am
> running at home with pptp tunnel is Mikrotik firewall router.

So did you run tcpdump as I suggested and if so what output did you see?

-Tom
I don't have tcpdump installed on bering/shorewall router (not enough room). It is in outside router on another customer's site. I can do from there but from telnet/ssh. How can I initiate 2 commands at once (telnet 25 bering/tcpdump)?

---------- Original Message ----------------------------------
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 14 May 2002 09:52:51 -0700 (PDT)

>On Tue, 14 May 2002, Jim Van Eeckhoutte wrote:
>
>> gateway is router which shorewall firewall (work). Router to which I am
>> running at home with pptp tunnel is Mikrotik firewall router.
>
>So did you run tcpdump as I suggested and if so what output did you see?
>
>-Tom
On Tue, 14 May 2002, Jim Van Eeckhoutte wrote:
> I don't have tcpdump installed on bering/shorewall router (not enough
> room). It is in outside router on another customer's site. I can do from
> there but from telnet/ssh. How can I initiate 2 commands at once (telnet
> 25 bering/tcpdump)?

So now we have "work", "another customer site", and "home" -- are we talking about 3 separate sites? If so, I'm totally lost and need a diagram.

And I don't understand your 2-commands question.

-Tom
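
The thread ends on the question of running the port-25 connection test and a tcpdump capture at the same time from one telnet/ssh session. The script below is an added example, not part of the original thread: it backgrounds the capture, makes one connection attempt, and classifies what the capture saw. It assumes `tcpdump` and `nc` are installed on a machine the traffic crosses; the function names, the `eth0` default and the sample addresses are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Run it on a machine the traffic
# crosses (tcpdump needs root), e.g.: probe_with_capture mail.shorewall.net eth0

# Read "tcpdump -n" text on stdin; report the fate of SYNs sent to TCP port $1.
classify_capture() {
    awk -v port="${1:-25}" '
        $2 == "IP" && $6 == "Flags" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (dst ~ ("\\." port "$") && $7 == "[S],")       syn++
            else if (src ~ ("\\." port "$") && $7 == "[S.],") synack++
            else if (src ~ ("\\." port "$") && $7 ~ /R/)      rst++
        }
        END {
            if (!syn)        print "no-syn"          # attempt never crossed this interface
            else if (synack) print "established"     # handshake was answered
            else if (rst)    print "refused"         # actively reset by the far side
            else             print "syn-unanswered"  # dropped further on, or replies lost
        }'
}

# Start the capture in the background, make one connection attempt, then
# stop the capture and classify it. The eth0 default is an assumption.
probe_with_capture() {
    host=$1 iface=${2:-eth0} port=${3:-25}
    out=$(mktemp) || return 1
    tcpdump -n -l -i "$iface" "tcp port $port and host $host" >"$out" 2>/dev/null &
    cap=$!
    sleep 1                                   # let the capture start
    nc -w 5 "$host" "$port" </dev/null >/dev/null 2>&1 || true
    sleep 1
    kill "$cap" 2>/dev/null; wait "$cap" 2>/dev/null || true
    classify_capture "$port" <"$out"; rm -f "$out"
}

# Constructed sample: three SYN retries to port 25, no reply (documentation addresses).
SAMPLE_UNANSWERED='10:00:00.000001 IP 192.0.2.10.1042 > 198.51.100.7.25: Flags [S], seq 100, win 64240, length 0
10:00:03.000001 IP 192.0.2.10.1042 > 198.51.100.7.25: Flags [S], seq 100, win 64240, length 0
10:00:09.000001 IP 192.0.2.10.1042 > 198.51.100.7.25: Flags [S], seq 100, win 64240, length 0'
printf '%s\n' "$SAMPLE_UNANSWERED" | classify_capture 25
```

A `no-syn` result on the firewall's external interface means the attempt left by some other path, which is why the default gateway of the win2k box matters here.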