Jim Van Eeckhoutte
2002-May-22 17:00 UTC
[Shorewall-users] Here I am again (smtp outbound blocked)
I cannot telnet out via port 25.
Here is my shorewall output if it will help. Please tell me what I am doing wrong.
Problem: telnet mail.edgucate.com 25 times out (or any other email servers)
router setup: bering rc1 ppp0(dialup verizon)----eth0(internal lan)
using dnscache (which doesn't work) :(
Verizon doesn't block port 25 (called on it)
P.S. all win2k machines are getting web access fine.
Shorewall-1.2.8 Chain at lava - Wed May 22 07:56:27 /etc/localtime 2002
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
18 504 rfc1918 all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
18 504 net2fw all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
860 49373 loc2fw all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: avg 10/hour burst 5 LOG flags 0 level 6 prefix
`Shorewall:all2all:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
161 103K rfc1918 all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
161 103K net2loc all -- ppp0 eth0 0.0.0.0/0 0.0.0.0/0
188 23576 loc2net all -- eth0 ppp0 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: avg 10/hour burst 5 LOG flags 0 level 6 prefix
`Shorewall:all2all:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * ppp0 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
0 0 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
570 46040 fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: avg 10/hour burst 5 LOG flags 0 level 6 prefix
`Shorewall:all2all:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain all2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
20 5105 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: avg 10/hour burst 5 LOG flags 0 level 6 prefix
`Shorewall:all2all:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain common (5 references)
pkts bytes target prot opt in out source destination
0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x10/0x10
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x04/0x04
3 553 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:445
9 2952 DROP all -- * * 0.0.0.0/0
255.255.255.255
18 504 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53 state NEW
8 1600 DROP all -- * * 0.0.0.0/0
192.168.20.255
Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
570 46040 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 12
Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
832 43772 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:80
8 496 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW udp dpt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0
icmp type 8
20 5105 all2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
168 22560 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:110
20 1016 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (7 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
18 504 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
limit: avg 10/hour burst 5 LOG flags 0 level 6 prefix
`Shorewall:net2all:DROP:''
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW udp dpt:53
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
state NEW tcp dpt:113
0 0 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0
icmp type 8
18 504 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
161 103K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.20.4
state NEW tcp dpt:5361
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.20.5
state NEW tcp dpt:6891
0 0 net2all all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
Chain rfc1918 (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0
255.255.255.255
0 0 DROP all -- * * 169.254.0.0/16 0.0.0.0/0
0 0 logdrop all -- * * 0.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 10.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 127.0.0.0/8 0.0.0.0/0
0 0 logdrop all -- * * 192.0.2.0/24 0.0.0.0/0
0 0 logdrop all -- * * 192.168.0.0/16 0.0.0.0/0
0 0 logdrop all -- * * 172.16.0.0/12 0.0.0.0/0
0 0 logdrop all -- * * 240.0.0.0/4 0.0.0.0/0
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Tom Eastep
2002-May-22 19:33 UTC
[Shorewall-users] Here I am again (smtp outbound blocked)
On Wed, 22 May 2002, Jim Van Eeckhoutte wrote:

> Here they are, before and after txt files
>

Your firewall is passing port 25 just fine so whatever is happening is happening outside of the firewall:

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
2837 252K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7 336 ACCEPT tcp -- * * 0.0.0.0/0
----------- <--- 7 packets for a total size of 336 bytes were passed from the local zone to the net zone.
0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
187 9989 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
-----------------------------------------------------------

Your firewall is waiting for a response from my mail server which clearly is accepting connections on TCP port 25 (proof -- I received your email).

tcp 6 92 SYN_SENT src=192.168.20.5 dst=206.124.146.177 sport=4611 dport=25 [UNREPLIED] src=206.124.146.177 dst=<your ip address> sport=25 dport=4611 use=1
-----------------------------------------------------------

And my firewall saw nothing:

[root@gateway root]# tcpdump -ni eth0 host <your ip address>
tcpdump: listening on eth0

So something outside of your firewall is blocking SMTP. How are you sending emails?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
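Added example, not part of either message above: a small Python script that automates the two checks used in the reply, reading the packet counter on the `state NEW tcp dpt:25` rule and looking for connection-tracking entries stuck in SYN_SENT with [UNREPLIED]. The function names are hypothetical, the sample input is constructed from the output quoted in the thread (203.0.113.7 stands in for the elided public address), and it assumes one rule per line, as `iptables -L -n -v` prints when the output is not wrapped by a mail client.

```python
import re

# Constructed sample input modelled on the output quoted in this thread.
IPTABLES = """\
Chain loc2net (1 references)
 pkts bytes target prot opt in out source destination
 2837 252K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
 7 336 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
"""
CONNTRACK = """\
tcp 6 92 SYN_SENT src=192.168.20.5 dst=206.124.146.177 sport=4611 dport=25 [UNREPLIED] src=206.124.146.177 dst=203.0.113.7 sport=25 dport=4611 use=1
tcp 6 431999 ESTABLISHED src=192.168.20.4 dst=198.51.100.9 sport=1032 dport=80 src=198.51.100.9 dst=203.0.113.7 sport=80 dport=1032 [ASSURED] use=1
"""

def count(tok):  # iptables abbreviates large counters, e.g. 252K (1000-based)
    return int(tok.rstrip("KMG")) * {"K": 10**3, "M": 10**6, "G": 10**9}.get(tok[-1], 1)

def rule_packets(listing, chain, port):
    """Packet counter of the 'state NEW ... dpt:<port>' rule in <chain>, or None."""
    current = None
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            current = f[1]
        elif (current == chain and len(f) > 2 and re.fullmatch(r"\d+[KMG]?", f[0])
              and "NEW" in f and f"dpt:{port}" in f):
            return count(f[0])
    return None

def unreplied(conntrack, port):
    """(src, dst) of outbound TCP flows to <port> that never got a SYN-ACK."""
    out = []
    for line in conntrack.splitlines():
        if " SYN_SENT " in line and "[UNREPLIED]" in line:
            # Only the original-direction tuple (before the marker) is wanted.
            kv = dict(re.findall(r"(\w+)=(\S+)", line.split("[UNREPLIED]")[0]))
            if kv.get("dport") == str(port):
                out.append((kv["src"], kv["dst"]))
    return out

def diagnose(listing, conntrack, chain="loc2net", port=25):
    passed = rule_packets(listing, chain, port)
    if not passed:  # rule missing, or counter still at zero
        return "no NEW packets matched the ACCEPT rule: check rules and policy"
    if unreplied(conntrack, port):
        return "firewall passed the SYNs but no reply came back: look upstream"
    return "SYNs passed and no flow is stuck: connections are being answered"
```

A non-zero counter combined with an UNREPLIED entry is the pattern in the reply: the SYN left the firewall and nothing answered, so the block is somewhere beyond it.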