I have been looking on many groups and see a LOT of people having trouble with port 25 and Shorewall. Connections are are not being made either internal or public. Maybe this a just a bug in shorewall, as I have not seen one common solution answer nor a straight forward one at that. I have send message to other groups and nobody knows what is going on. Just what is goiong on here to make it happen??
--On Monday, November 04, 2002 8:39 PM -0600 Trent Creekmore <tcreek@gt.rr.com> wrote:> > I have been looking on many groups and see a LOT of people having trouble > with port 25 and Shorewall. > Connections are are not being made either internal or public. > > Maybe this a just a bug in shorewall, as I have not seen one common > solution answer nor a straight forward one at that. > I have send message to other groups and nobody knows what is going on. > > Just what is goiong on here to make it happen??All cases reported here have turned out to be other problems such as bad routing on the SMTP server or the user''s ISP is blocking port 25. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
--On Monday, November 04, 2002 10:35 PM -0600 Trent Creekmore <tcreek@gt.rr.com> wrote:> Thnaks you for the reply Tom, > > I do want point out that the problem you indicated for the SMTP server > started after the installation of Shorewall. > Many of those (including me) did an upgrade on Linux Madrake. I was using > version 8 and it had Bastille firewall installed and SMTP worked fine. > After the upgrade Shorewall was installed and that is when the problem > started. I have even seen those who did not even have a firewall and > installed Shorewall and the same result happened after its installation. > One could easily make an asumption that Shorewall could be the source of > the problem.1. I can''t be responsible for what people post in other forums Trent. If people don''t post to shorewall-users@shorewall.net and report their problems then as far as I''m concerned they don''t have any Shorewall problems. 2. For the record, Shorewall has NO port-specific logic outside of the tunnels file and DHCP handling -- so if port 25 doesn''t work, neither do ports 80, 21, 143 or 110 because they are all processed using the same set of code; only the port number is different. 3. Shorewall requires configuration in order to allow the connection requests that you want to allow. You can''t just install Shorewall, start it and have it magically know what connection requests you think are ok and what requests you think are not ok. 4. Mandrake releases their own Shorewall configurations which are different from anything that I release. 5. Mandrake are just now shipping 8.0 orders taken a month ago on their web site. So until they ship me the copy that I ordered back on October 3, my only clue about the configuration they provide comes from people whining that it doesn''t work. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
On Tuesday 05 November 2002 12:03 am, Tom Eastep wrote: =2E....snip......> 5. Mandrake are just now shipping 8.0 orders taken a month ago on their webI assume you meant 9.0? If so, I can send you the default configs that come=20 in the downloadable ISO. I have never had problems with what is shipped with Mandrake, but then I=20 always set up may own policy, interfaces, rules and zones at a minimum. But=20 I don''t have any problems with all the other "Stock" settings! Also keep in=20 mind that the shorewall shipped with Mandrake was packaged for MNF, although=20 this really shouldn''t make any difference. --=20 Regards Joseph Watson
--On Tuesday, November 05, 2002 01:10:28 AM -0500 Joseph Watson <jtwatson@datakota.com> wrote:> On Tuesday 05 November 2002 12:03 am, Tom Eastep wrote: > .....snip...... >> 5. Mandrake are just now shipping 8.0 orders taken a month ago on their >> web > > I assume you meant 9.0? If so, I can send you the default configs that > come in the downloadable ISO. >Thanks -- I would appreciate it since my copy of 9.0 STILL hasn''t arrived. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net