Anyone willing to take the lead on this one, since Tom is taking a rest:
"
I am hosting all servers by myself. I have five static IP addresses with a
DSL line. My DSL router from the ISP provider is configured as bridge, so no
traffic is filtered.
I checked the logs and am getting:
Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=66.58.99.86 DST=216.35.73.164 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=1508
PROTO=ICMP TYPE=3 CODE=1 [SRC=216.35.73.164 DST=66.58.99.84 LEN=40 TOS=0x00
PREC=0x00 TTL=236 ID=55762 DF PROTO=TCP SPT=51131 DPT=25 WINDOW=8760
RES=0x00 RST URGP=0 ]
Jan 5 23:23:21 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=66.58.99.86 DST=216.35.73.164 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=1516
PROTO=ICMP TYPE=3 CODE=1 [SRC=216.35.73.164 DST=66.58.99.84 LEN=40 TOS=0x00
PREC=0x00 TTL=236 ID=31260 DF PROTO=TCP SPT=38949 DPT=25 WINDOW=8760
RES=0x00 RST URGP=0 ]
Jan 5 23:28:02 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=66.58.99.86 DST=204.153.177.10 LEN=68 TOS=0x00 PREC=0xC0 TTL=255
ID=11282 PROTO=ICMP TYPE=3 CODE=1 [SRC=204.153.177.10 DST=66.58.99.84 LEN=40
TOS=0x00 PREC=0x00 TTL=241 ID=0 DF PROTO=TCP SPT=36011 DPT=25 WINDOW=0
RES=0x00 RST URGP=0 ]
Jan 5 23:28:58 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=66.58.99.86 DST=216.35.73.164 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=1524
PROTO=ICMP TYPE=3 CODE=1 [SRC=216.35.73.164 DST=66.58.99.84 LEN=40 TOS=0x00
PREC=0x00 TTL=236 ID=40480 DF PROTO=TCP SPT=45350 DPT=25 WINDOW=8760
RES=0x00 RST URGP=0 ]
Jan 5 23:42:42 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=66.58.99.86 DST=216.35.73.164 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=1532
PROTO=ICMP TYPE=3 CODE=1 [SRC=216.35.73.164 DST=66.58.99.84 LEN=40 TOS=0x00
PREC=0x00 TTL=236 ID=12542 DF PROTO=TCP SPT=60986 DPT=25 WINDOW=8760
RES=0x00 RST URGP=0 ]
and here are my rules:
ACCEPT dmz:66.58.99.84 wan tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp pop3 -
ACCEPT lan dmz:66.58.99.84 tcp pop3 -
ACCEPT lan dmz:66.58.99.84 tcp 25 -
ACCEPT fw dmz:66.58.99.84 tcp 25 -
ACCEPT wan dmz:66.58.99.84 tcp pop3 -
ACCEPT wan dmz:66.58.99.84 tcp 25 -
ACCEPT dmz:66.58.99.84 fw tcp 25 -
Unfortunately, I already searched and read the whole documentation on the
shorewall.net site. google.com didn't help much either. It's something
small, but somehow I could not get it.
If you need some other files, listings, I am ready to post them here.
Regards and thank you for your help,
Trifon Anguelov "
Trifon Anguelov
-----Original Message-----
From: Tom Eastep [mailto:teastep@shorewall.net]
Sent: Monday, January 06, 2003 3:34 PM
To: Trifon Anguelov; 'shorewall-users@shorewall.net'
Subject: Re: [Shorewall-users] SMTP traffic gets blocked
--On Monday, January 06, 2003 03:27:33 PM -0800 Trifon Anguelov
<TAnguelov@kana.com> wrote:
> Hi,
>
> I am trying to configure the SMTP service on DMZ host. Added the rule:
>
> ACCEPT wan dmz:66.58.99.84 tcp pop3 -
> ACCEPT wan dmz:66.58.99.84 tcp 25 -
> ACCEPT dmz:66.58.99.84 wan tcp 25 -
> ACCEPT dmz:66.58.99.84 wan tcp pop3 -
>
> issued shorewall clear, shorewall restart, but still couldn't telnet to
> the mail server on port 25.
>
> Are my rules wrong or does something else have to be done? I have another
> host DNS server which is working fine. The SSH to the mail server on port
> 22 is working fine, too.
>
> Could you please help me?
>
Does your ISP block port 25? Many do...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net