My firewall system is running an email server and imap. I am running the newest version of shorewall. This is what my rules script looks like. I can access the email server locally but the ports to the internet are closed. I am using the two interface script. Thanks

# Accept Smtp and imaps
#action source  dest    proto   port
ACCEPT  net     fw      tcp     smtp
ACCEPT  net     fw      tcp     993
ACCEPT  net     fw      tcp     143
ACCEPT  fw      net     tcp     smtp
ACCEPT  fw      net     tcp     993
ACCEPT  fw      net     tcp     143
ACCEPT  fw      loc     tcp     smtp
ACCEPT  fw      loc     tcp     993
ACCEPT  fw      loc     tcp     143
ACCEPT  loc     fw      tcp     smtp
ACCEPT  loc     fw      tcp     993
ACCEPT  loc     fw      tcp     143
Tom Eastep
2002-Aug-07 01:19 UTC
[Shorewall-users] Question on how to open smtp and imap ports?
On Tue, 6 Aug 2002, Eric wrote:

> My firewall system is running a email server and imap. I am running the
> newest version of shorewall.This is what my rules script looks like. I
> can access the email server locally but the ports to the internet are
> closed.

Does your ISP block port 25 from the internet to you? Many ISPs do.

> I am using the two interface script. Thanks
>
> # Accept Smtp and imaps
>
> #action source dest proto port
> ACCEPT net fw tcp smtp
> ACCEPT net fw tcp 993
> ACCEPT net fw tcp 143
> ACCEPT fw net tcp smtp
> ACCEPT fw net tcp 993
> ACCEPT fw net tcp 143
> ACCEPT fw loc tcp smtp
> ACCEPT fw loc tcp 993
> ACCEPT fw loc tcp 143
> ACCEPT loc fw tcp smtp
> ACCEPT loc fw tcp 993
> ACCEPT loc fw tcp 143

Those rules will allow SMTP, IMAPS and IMAP from the internet to the firewall and from the local network to the firewall. They will also allow those services in the other direction although I suspect that smtp from the firewall to the net is the only one that you really need.

In short, there is nothing wrong with your rules -- I suggest running tcpdump while you are trying to connect to see if the connection requests are ever reaching your firewall; I suspect that they are not...

-Tom
--
Tom Eastep     \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Harish Pillay
2002-Aug-07 02:27 UTC
[Shorewall-users] Question on how to open smtp and imap ports?
Assuming that you are running the latest and greatest version of sendmail, you have to add the IP of the external port in your sendmail.cf file under the section SMTP daemon options which defaults to only the localhost 127.0.0.1.

HTH.

Harish
Brett
2002-Aug-07 05:37 UTC
[Shorewall-users] Question on how to open smtp and imap ports?
hi,

I think you may also comment out in the default redhat sendmail.mc file the following line

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')

brett
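The two diagnoses raised in this thread (connection requests never reaching the firewall, or sendmail listening only on 127.0.0.1) can be told apart from the listening-socket table. The following is an added example, not code from any poster or from Shorewall; the `netstat -ltn` sample is constructed, and the function names and the `eth0` interface name are assumptions.

```shell
#!/bin/sh
# For each mail port opened in the rules file, decide whether a daemon is
# reachable from other hosts or bound to loopback only.

# Constructed sample of `netstat -ltn` output: sendmail still has the default
# Addr=127.0.0.1 daemon option, the IMAP server listens on all addresses.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'

# classify_port PORT   (reads `netstat -ltn` text on stdin)
# Prints "external", "loopback-only" or "not-listening".
classify_port() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, parts, ":")       # field 4 is the local address:port
            if (parts[n] != port) next
            # Everything before the final ":port" is the bind address.
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") loop = 1
            else ext = 1
        }
        END {
            if (ext) print "external"
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# report NETSTAT_TEXT: one line per port from the rules (smtp, imap, imaps).
report() {
    for port in 25 143 993; do
        printf '%s %s\n' "$port" "$(printf '%s\n' "$1" | classify_port "$port")"
    done
}

report "$SAMPLE_NETSTAT"
# On the live firewall:  report "$(netstat -ltn)"
# To see whether connection requests arrive at all (the tcpdump suggestion),
# watch the external interface while connecting from outside:
#   tcpdump -ni eth0 'tcp and (port 25 or port 143 or port 993)'
```

A port reported as `loopback-only` stays closed to the internet whatever the firewall rules say; a port reported as `external` with no SYN packets in tcpdump points upstream, for example at ISP filtering.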