thr3ads.net - Shorewall users - [Shorewall-users] newbie question: SMTP on DMZ zone [Apr 2002]

If this information is useful, please help other people find it:
Share via:

Eduardo Ferreira

2002-Apr-10 20:50 UTC

[Shorewall-users] newbie question: SMTP on DMZ zone

This is a multipart message in MIME format.
--=_alternative 007285C183256B97_Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I=B4m trying to setup a tree interface shorewall firewall.  in the dmz side,=20
there will be a Domino Server running smtp and web services.  The problem=20
occurs when I try to send a message from this server to the internet.  the 
smtp connection is stablished but hangs and after a while is closed.=20
could someone help me?

tks,

Eduardo Ferreira

 these are my configuration files:

-------------- zones file ---------------------------------
#ZONE   DISPLAY         COMMENTS
net     Net             Internet
loc     Local           Local networks
dmz     DMZ             Demilitarized zone
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

------------- interface file ------------------------------
#ZONE    INTERFACE      BROADCAST       OPTIONS
net      eth0           detect          noping, norfc1918,multi
loc      eth1           192.168.8.255   routestopped
dmz      eth2           192.168.9.4     routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

-------------- policy file ------------------------------
#CLIENT         SERVER          POLICY          LOG LEVEL
loc             net             ACCEPT
#loc            dmz             ACCEPT
dmz             loc             REJECT          info
dmz             net             REJECT          debug
net             dmz             REJECT          debug
net             all             DROP            info
all             all             REJECT          info
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

---------------- masq file ------------------------
#INTERFACE              SUBNET          ADDRESS
eth0                    192.168.8.0/24  200.157.40.137
eth0                    192.168.9.0/30  200.157.40.137
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

----------------- rules file -------------------------
#-------------------
# a) loc->fw
# permite ssh (2222), ntp, www e https
#
ACCEPT          loc       $FW           tcp     2222,ntp,www,https

#------------------
# b) net->dmz
# permite portas smtp, html, https, notes
#
ACCEPT          net      dmz:192.168.9.2   tcp  25      -       all
ACCEPT          net      dmz:192.168.9.2   tcp  80      -       all
ACCEPT          net      dmz:192.168.9.2   tcp  443     -       all
ACCEPT          net      dmz:192.168.9.2   tcp  1352    -       all
# envia tr=E1fego na porta 2922 para porta 5800 no servidor notes (VNC)
ACCEPT          net      dmz:192.168.9.2:5800 tcp       2922    - all

#------------------
# c) dmz->net
# permite portas 25 (smtp), ntp e domain
#
ACCEPT          dmz      net            tcp     smtp,ntp,domain,1352
ACCEPT          dmz      net            udp     ntp,domain
#------------------
# d) loc->dmz
# permite notes (1352) e ftp para backup
#
ACCEPT          loc     dmz             tcp     1352,ftp,ftp-data
ACCEPT          loc     dmz             icmp    -
#------------------
# e) net->fw
# permite ssh da internet para o firewall utilizando a porta 2222
#
ACCEPT          net       $FW           tcp     2222

#------------------
# f) fw->net
# permite ntp
#
ACCEPT          $FW       net           udp     ntp,domain
ACCEPT          $FW       net           tcp ntp,ftp,ftp-data,2161,domain
#-----------------
# g) net->loc
# permite portas 2822 (vnc p/ w2k file server) e 2823 (vnc p/ w2k sql 2k)
#
ACCEPT          net     loc:192.168.8.1:5800    tcp     2822    - all
ACCEPT          net     loc:192.168.8.2:5800    tcp     2823    - all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

--=_alternative 007285C183256B97_Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<br><font size=3D2 face=3D"sans-serif">I=B4m trying to
setup a tree interface shorewall firewall. &nbsp;in the dmz side, there will
be a Domino Server running smtp and web services. &nbsp;The problem occurs
when I try to send a message from this server to the internet. &nbsp;the
smtp connection is stablished but hangs and after a while is closed.
</font>
<br><font size=3D2 face=3D"sans-serif">could someone help
me?</font>
<br>
<br><font size=3D2 face=3D"sans-serif">tks,</font>
<br>
<br><font size=3D2 face=3D"sans-serif">Eduardo
Ferreira</font>
<br>
<br><font size=3D2 face=3D"sans-serif">&nbsp;these are
my configuration files:</font>
<br>
<br><font size=3D2 face=3D"Courier New">--------------
zones file ---------------------------------</font>
<br><font size=3D2 face=3D"Courier New">#ZONE &nbsp;
DISPLAY &nbsp; &nbsp; &nbsp; &nbsp; COMMENTS</font>
<br><font size=3D2 face=3D"Courier New">net &nbsp;
&nbsp; Net &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
Internet</font>
<br><font size=3D2 face=3D"Courier New">loc &nbsp;
&nbsp; Local &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Local
networks</font>
<br><font size=3D2 face=3D"Courier New">dmz &nbsp;
&nbsp; DMZ &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
Demilitarized zone</font>
<br><font size=3D2 face=3D"Courier New">#LAST LINE - ADD
YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE</font>
<br>
<br><font size=3D2 face=3D"Courier New">-------------
interface file ------------------------------</font>
<br><font size=3D2 face=3D"Courier New">#ZONE &nbsp;
&nbsp;INTERFACE &nbsp; &nbsp; &nbsp;BROADCAST &nbsp;
&nbsp; &nbsp; OPTIONS</font>
<br><font size=3D2 face=3D"Courier New">net &nbsp;
&nbsp; &nbsp;eth0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
detect &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;noping,
norfc1918,multi</font>
<br><font size=3D2 face=3D"Courier New">loc &nbsp;
&nbsp; &nbsp;eth1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
192.168.8.255 &nbsp; routestopped</font>
<br><font size=3D2 face=3D"Courier New">dmz &nbsp;
&nbsp; &nbsp;eth2 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
192.168.9.4 &nbsp; &nbsp; routestopped</font>
<br><font size=3D2 face=3D"Courier New">#LAST LINE -- ADD
YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font>
<br>
<br><font size=3D2 face=3D"Courier New">--------------
policy file ------------------------------</font>
<br><font size=3D2 face=3D"Courier New">#CLIENT &nbsp;
&nbsp; &nbsp; &nbsp; SERVER &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp;POLICY &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp;LOG LEVEL</font>
<br><font size=3D2 face=3D"Courier New">loc &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; net &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; ACCEPT</font>
<br><font size=3D2 face=3D"Courier New">#loc &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;dmz &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; ACCEPT</font>
<br><font size=3D2 face=3D"Courier New">dmz &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; loc &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; REJECT &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp;info</font>
<br><font size=3D2 face=3D"Courier New">dmz &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; net &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; REJECT &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp;debug</font>
<br><font size=3D2 face=3D"Courier New">net &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dmz &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; REJECT &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp;debug</font>
<br><font size=3D2 face=3D"Courier New">net &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; all &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; DROP &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;info</font>
<br><font size=3D2 face=3D"Courier New">all &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; all &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; REJECT &nbsp; &nbsp;
&nbsp; &nbsp; &nbsp;info</font>
<br><font size=3D2 face=3D"Courier New">#LAST LINE -- ADD
YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font>
<br>
<br><font size=3D2 face=3D"Courier New">----------------
masq file ------------------------</font>
<br><font size=3D2 face=3D"Courier New">#INTERFACE
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp;SUBNET &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp;ADDRESS</font>
<br><font size=3D2 face=3D"Courier New">eth0 &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp;192.168.8.0/24 &nbsp;200.157.40.137</font>
<br><font size=3D2 face=3D"Courier New">eth0 &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp; &nbsp;192.168.9.0/30 &nbsp;200.157.40.137</font>
<br><font size=3D2 face=3D"Courier New">#LAST LINE -- ADD
YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE</font>
<br>
<br><font size=3D2 face=3D"Courier New">-----------------
rules file -------------------------</font>
<br><font size=3D2 face=3D"Courier
New">#-------------------</font>
<br><font size=3D2 face=3D"Courier New"># a)
loc-&gt;fw</font>
<br><font size=3D2 face=3D"Courier New"># permite ssh
(2222), ntp, www e https</font>
<br><font size=3D2 face=3D"Courier New">#</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;loc &nbsp; &nbsp; &nbsp;
$FW &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tcp &nbsp;
&nbsp; 2222,ntp,www,https</font>
<br>
<br><font size=3D2 face=3D"Courier
New">#------------------</font>
<br><font size=3D2 face=3D"Courier New"># b)
net-&gt;dmz</font>
<br><font size=3D2 face=3D"Courier New"># permite portas
smtp, html, https, notes</font>
<br><font size=3D2 face=3D"Courier New">#</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp;
&nbsp;dmz:192.168.9.2 &nbsp; tcp &nbsp;25 &nbsp; &nbsp;
&nbsp;- &nbsp; &nbsp; &nbsp; all</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp;
&nbsp;dmz:192.168.9.2 &nbsp; tcp &nbsp;80 &nbsp; &nbsp;
&nbsp;- &nbsp; &nbsp; &nbsp; all</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp;
&nbsp;dmz:192.168.9.2 &nbsp; tcp &nbsp;443 &nbsp; &nbsp; -
&nbsp; &nbsp; &nbsp; all</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp;
&nbsp;dmz:192.168.9.2 &nbsp; tcp &nbsp;1352 &nbsp; &nbsp;-
&nbsp; &nbsp; &nbsp; all</font>
<br><font size=3D2 face=3D"Courier New"># envia tr=E1fego
na porta 2922 para porta 5800 no servidor notes (VNC)</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp;
&nbsp;dmz:192.168.9.2:5800 tcp &nbsp; &nbsp; &nbsp; 2922
&nbsp; &nbsp;- &nbsp; &nbsp; &nbsp; all</font>
<br>
<br><font size=3D2 face=3D"Courier
New">#------------------</font>
<br><font size=3D2 face=3D"Courier New"># c)
dmz-&gt;net</font>
<br><font size=3D2 face=3D"Courier New"># permite portas
25 (smtp), ntp e domain</font>
<br><font size=3D2 face=3D"Courier New">#</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;dmz &nbsp; &nbsp;
&nbsp;net &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp;tcp &nbsp; &nbsp; smtp,ntp,domain,1352</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;dmz &nbsp; &nbsp;
&nbsp;net &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
&nbsp;udp &nbsp; &nbsp; ntp,domain</font>
<br><font size=3D2 face=3D"Courier
New">#------------------</font>
<br><font size=3D2 face=3D"Courier New"># d)
loc-&gt;dmz</font>
<br><font size=3D2 face=3D"Courier New"># permite notes
(1352) e ftp para backup</font>
<br><font size=3D2 face=3D"Courier New">#</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;loc &nbsp; &nbsp; dmz
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tcp &nbsp;
&nbsp; 1352,ftp,ftp-data</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;loc &nbsp; &nbsp; dmz
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; icmp
&nbsp; &nbsp;-</font>
<br><font size=3D2 face=3D"Courier
New">#------------------</font>
<br><font size=3D2 face=3D"Courier New"># e)
net-&gt;fw</font>
<br><font size=3D2 face=3D"Courier New"># permite ssh da
internet para o firewall utilizando a porta 2222</font>
<br><font size=3D2 face=3D"Courier New">#</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp; &nbsp;
$FW &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tcp &nbsp;
&nbsp; 2222</font>
<br>
<br><font size=3D2 face=3D"Courier
New">#------------------</font>
<br><font size=3D2 face=3D"Courier New"># f)
fw-&gt;net</font>
<br><font size=3D2 face=3D"Courier New"># permite
ntp</font>
<br><font size=3D2 face=3D"Courier New">#</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;$FW &nbsp; &nbsp; &nbsp;
net &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; udp &nbsp;
&nbsp; ntp,domain</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;$FW &nbsp; &nbsp; &nbsp;
net &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; tcp &nbsp;
&nbsp; ntp,ftp,ftp-data,2161,domain</font>
<br><font size=3D2 face=3D"Courier
New">#-----------------</font>
<br><font size=3D2 face=3D"Courier New"># g)
net-&gt;loc</font>
<br><font size=3D2 face=3D"Courier New"># permite portas
2822 (vnc p/ w2k file server) e 2823 (vnc p/ w2k sql 2k)</font>
<br><font size=3D2 face=3D"Courier New">#</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp;
loc:192.168.8.1:5800 &nbsp; &nbsp;tcp &nbsp; &nbsp; 2822
&nbsp; &nbsp;- &nbsp; &nbsp; &nbsp; all</font>
<br><font size=3D2 face=3D"Courier New">ACCEPT &nbsp;
&nbsp; &nbsp; &nbsp; &nbsp;net &nbsp; &nbsp;
loc:192.168.8.2:5800 &nbsp; &nbsp;tcp &nbsp; &nbsp; 2823
&nbsp; &nbsp;- &nbsp; &nbsp; &nbsp; all</font>
<br><font size=3D2 face=3D"Courier New">#LAST LINE -- ADD
YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE</font>
<br>
--=_alternative 007285C183256B97_=--

Tom Eastep

2002-Apr-10 21:09 UTC

head link

[Shorewall-users] newbie question: SMTP on DMZ zone

Eduardo,

On Wed, 10 Apr 2002, Eduardo Ferreira wrote:
> I=B4m trying to setup a tree interface shorewall firewall.  in the dmz
side,
> there will be a Domino Server running smtp and web services.  The problem
> occurs when I try to send a message from this server to the internet.  the
> smtp connection is stablished but hangs and after a while is closed.
> could someone help me?
>
I don''t see anything wrong with your configuration:

a) have you used tcpdump to try to see what is happening?
b) have you disabled Shorewall log limiting as described in the
troubleshooting information and seen if there are any log messages being
generated?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Cowles, Steve

2002-Apr-10 21:31 UTC

head link

[Shorewall-users] newbie question: SMTP on DMZ zone

> -----Original Message-----
> From: Tom Eastep [mailto:teastep@shorewall.net]
> Sent: Wednesday, April 10, 2002 4:09 PM
> To: Eduardo Ferreira
> Cc: Shorewall Users List (shorewall-users@shorewall.net)
> Subject: Re: [Shorewall-users] newbie question: SMTP on DMZ zone
> 
> I don''t see anything wrong with your configuration:
> 
> a) have you used tcpdump to try to see what is happening?
> b) have you disabled Shorewall log limiting as described in the
> troubleshooting information and seen if there are any log 
> messages being generated?
Could this possibly be ECN related? i.e.

echo "0" >/proc/sys/net/ipv4/tcp_ecn

Steve Cowles

Eduardo Ferreira

2002-Apr-10 21:56 UTC

head link

[Shorewall-users] newbie question: SMTP on DMZ zone

This is a multipart message in MIME format.
--=_alternative 0078829883256B97_Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Tom,

thanks for the help.  As I said in the subject, I=B4m a newbie.  So, after a=20
while and apparently with no reason, things begun to work. Unfortunately,=20
I don=B4t know why. I didn=B4t change anything... ;-)

again, thanks. and please, keep the wonderful work...

Eduardo Ferreira





Tom Eastep <teastep@shorewall.net>
10/04/2002 18:09

=20
        To:     Eduardo Ferreira <duda@icatu.com.br>
        cc:     "Shorewall Users List
(shorewall-users@shorewall.net)"=20
<shorewall-users@shorewall.net>
        Subject:        Re: [Shorewall-users] newbie question: SMTP on DMZ zone


Eduardo,

On Wed, 10 Apr 2002, Eduardo Ferreira wrote:
> I=B4m trying to setup a tree interface shorewall firewall.  in the dmz=20
side,> there will be a Domino Server running smtp and web services.  The=20
problem> occurs when I try to send a message from this server to the internet.=20
the> smtp connection is stablished but hangs and after a while is closed.
> could someone help me?
>
I don''t see anything wrong with your configuration:

a) have you used tcpdump to try to see what is happening?
b) have you disabled Shorewall log limiting as described in the
troubleshooting information and seen if there are any log messages being
generated?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net




--=_alternative 0078829883256B97_Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


<br><font size=3D2 face=3D"sans-serif">Tom,</font>
<br>
<br><font size=3D2 face=3D"sans-serif">thanks for the
help. &nbsp;As I said in the subject, I=B4m a newbie. &nbsp;So, after a
while and apparently with no reason, things begun to work. Unfortunately, I
don=B4t know why. I didn=B4t change anything... ;-)</font>
<br>
<br><font size=3D2 face=3D"sans-serif">again, thanks. and
please, keep the wonderful work...</font>
<br>
<br><font size=3D2 face=3D"sans-serif">Eduardo
Ferreira</font>
<br>
<br>
<br>
<br>
<table width=3D100%>
<tr valign=3Dtop>
<td>
<td><font size=3D1 face=3D"sans-serif"><b>Tom Eastep
&lt;teastep@shorewall.net&gt;</b></font>
<p><font size=3D1 face=3D"sans-serif">10/04/2002
18:09</font>
<br>
<td><font size=3D1 face=3D"Arial">&nbsp; &nbsp;
&nbsp; &nbsp; </font>
<br><font size=3D1 face=3D"sans-serif">&nbsp;
&nbsp; &nbsp; &nbsp; To: &nbsp; &nbsp; &nbsp;
&nbsp;Eduardo Ferreira &lt;duda@icatu.com.br&gt;</font>
<br><font size=3D1 face=3D"sans-serif">&nbsp;
&nbsp; &nbsp; &nbsp; cc: &nbsp; &nbsp; &nbsp;
&nbsp;&quot;Shorewall Users List
(shorewall-users@shorewall.net)&quot;
&lt;shorewall-users@shorewall.net&gt;</font>
<br><font size=3D1 face=3D"sans-serif">&nbsp;
&nbsp; &nbsp; &nbsp; Subject: &nbsp; &nbsp; &nbsp;
&nbsp;Re: [Shorewall-users] newbie question: SMTP on DMZ
zone</font></table>
<br>
<br>
<br><font size=3D2 face=3D"Courier New">Eduardo,<br>
<br>
On Wed, 10 Apr 2002, Eduardo Ferreira wrote:<br>
<br>
&gt; I=B4m trying to setup a tree interface shorewall firewall. &nbsp;in
the dmz side,<br>
&gt; there will be a Domino Server running smtp and web services.
&nbsp;The problem<br>
&gt; occurs when I try to send a message from this server to the internet.
&nbsp;the<br>
&gt; smtp connection is stablished but hangs and after a while is
closed.<br>
&gt; could someone help me?<br>
&gt;<br>
<br>
I don''t see anything wrong with your configuration:<br>
<br>
a) have you used tcpdump to try to see what is happening?<br>
b) have you disabled Shorewall log limiting as described in the<br>
troubleshooting information and seen if there are any log messages
being<br>
generated?<br>
<br>
-Tom<br>
--<br>
Tom Eastep &nbsp; &nbsp;\ Shorewall - iptables made easy<br>
AIM: tmeastep &nbsp;\ http://www.shorewall.net<br>
ICQ: #60745924 &nbsp;\ teastep@shorewall.net<br>
<br>
</font>
<br>
<br>
--=_alternative 0078829883256B97_=--

Shorewall users - Apr 2002 - newbie question: SMTP on DMZ zone

[Shorewall-users] newbie question: SMTP on DMZ zone

[Shorewall-users] newbie question: SMTP on DMZ zone

[Shorewall-users] newbie question: SMTP on DMZ zone

[Shorewall-users] newbie question: SMTP on DMZ zone