Hello ! Iam having problem to access POP accounts from my LAN, and I don''t know if this have any relation with shorewall or netfilter. When I try to acess any POP accounts in the Internet, it gives me timeout. I try with : outlook and thunderbird in Windows98. From a Linux desktop I try to use telnet to test : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-users@desktop:$ telnet remoteserver.com 110 Trying 200.x.x.x ... Connected to remoteserver.com. Escape character is ''^]''. +OK POP3 remoteserver.com v2003.83 server ready USER users +OK User name accepted, password please PASS password +OK Mailbox open, 3 messages retr 1 freeze...... and timeout.... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Best Regards =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Cleiton Peres Reis =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Cleiton Peres Reis wrote:> Hello ! > > Iam having problem to access POP accounts from my LAN, and I don''t know if this have > any relation with shorewall or netfilter. > > When I try to acess any POP accounts in the Internet, it gives me timeout. I try with : > outlook and thunderbird in Windows98. > > From a Linux desktop I try to use telnet to test : > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-> users@desktop:$ telnet remoteserver.com 110 > Trying 200.x.x.x ... > Connected to remoteserver.com. > Escape character is ''^]''. > +OK POP3 remoteserver.com v2003.83 server ready > USER users > +OK User name accepted, password please > PASS password > +OK Mailbox open, 3 messages > retr 1 > > freeze...... > and > timeout....shorewall clear solves the problem? 1. seems ( since Im guessing you don''t provide ANY CLUE about your configuration ) the destination server is broken. 2. what you need is IMAP, trust me ;-) 3. if you don''t provide any clue about how your configuration looks, relevant log messages, is very unlikely somebody will help you. read the support instructions. http://www.shorewall.net/support.html
On Wednesday 08 March 2006 13:01, Cristian Rodriguez wrote:> Cleiton Peres Reis wrote: > > Hello ! > > > > Iam having problem to access POP accounts from my LAN, and I don''t know > > if this have any relation with shorewall or netfilter. > > > > When I try to acess any POP accounts in the Internet, it gives me > > timeout. I try with : outlook and thunderbird in Windows98. > > > > From a Linux desktop I try to use telnet to test : > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-> >-=-=-= users@desktop:$ telnet remoteserver.com 110 > > Trying 200.x.x.x ... > > Connected to remoteserver.com. > > Escape character is ''^]''. > > +OK POP3 remoteserver.com v2003.83 server ready > > USER users > > +OK User name accepted, password please > > PASS password > > +OK Mailbox open, 3 messages > > retr 1 > > > > freeze...... > > and > > timeout.... > > shorewall clear solves the problem? > > 1. seems ( since Im guessing you don''t provide ANY CLUE about your > configuration ) the destination server is broken. > > 2. what you need is IMAP, trust me ;-) > > 3. if you don''t provide any clue about how your configuration looks, > relevant log messages, is very unlikely somebody will help you. > > read the support instructions. > http://www.shorewall.net/support.htmlWhile I agree with Cristian that we can solve your problem much more quickly if you follow the support guide when reporting the problem, I can offer one guess -- did you follow the QuickStart Guide instructions regarding CLAMPMSS? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Ok. Let''s restart from begin : This is the Problem : Iam having problem to access POP accounts from my LAN, and I don''t know if this have any relation with shorewall or netfilter. When I try to acess any POP accounts in the Internet, it gives me timeout. I try with : outlook and thunderbird in Windows98. From a Linux desktop I try to use telnet to test : =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- users@desktop:$ telnet remoteserver.com 110 Trying 200.x.x.x ... Connected to remoteserver.com. Escape character is ''^]''. +OK POP3 remoteserver.com v2003.83 server ready USER users +OK User name accepted, password please PASS password +OK Mailbox open, 3 messages retr 1 freeze...... and timeout.... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From outside the LAN I can access the same POP servers without problems.> While I agree with Cristian that we can solve your problem much more quickly > if you follow the support guide when reporting the problem, I can offer one > guess -- did you follow the QuickStart Guide instructions regarding CLAMPMSS?========[ Shorewall VERSION ]================================== 3.0.1-1 (Running on Debian Sarge) ========[ KERNEL VERSION ]================================== 2.6.11 ========[ Iptables VERSION ]=================================== 1.3.3-1 ========[ OUTPUT OF : ip addr show ]============================ srv:~# ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:08:54:2d:ea:da brd ff:ff:ff:ff:ff:ff inet 10.0.0.137/24 brd 10.0.0.255 scope global eth0 inet6 fe80::208:54ff:fe2d:eada/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:48:54:82:51:55 brd ff:ff:ff:ff:ff:ff inet 192.168.10.254/24 brd 192.168.10.255 scope global eth1 inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1:1 inet6 fe80::248:54ff:fe82:5155/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:c0:26:10:10:1f brd ff:ff:ff:ff:ff:ff inet 10.0.1.139/24 brd 10.0.1.255 scope global eth2 inet6 fe80::2c0:26ff:fe10:101f/64 scope link valid_lft forever preferred_lft forever 5: sit0: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3 link/ppp inet 201.11.215.170 peer 201.40.138.254/32 scope global ppp0 7: ppp1: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 3 link/ppp inet 200.203.63.193 peer 201.40.138.254/32 scope global ppp1 srv:~# ========[ OUTPUT OF : ip route show ]============================ srv:~# ip route show 201.40.138.254 dev ppp1 proto kernel scope link src 200.203.63.193 201.40.138.254 dev ppp0 proto kernel scope link src 201.11.215.170 10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.137 10.0.1.0/24 dev eth2 proto kernel scope link src 10.0.1.139 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254 192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.254 default via 201.40.138.254 dev ppp0 srv:~# ========[ OUTPUT OF : shorewall show capabilities ]================== srv:~# shorewall show capabilities Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Packet Type Match: Available Policy Match: Available Physdev Match: Available IP range Match: Available Recent Match: Available Owner Match: Available Ipset Match: Not available CONNMARK Target: Available Connmark Match: Available Raw Table: Available CLASSIFY Target: Available srv:~# ============================================================ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Cleiton Peres Reis Servidores Linux. DoctorNet Redes e Conectividade Ltda Rua General Osorio, 1092 Centro - CEP 96020-000 - Pelotas/RS =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Sorry, my fault I will remember in next post :-) but your guess about CLAMPMSS works !! I put CLAMPMSS=Yes, and everything works fine now. Thanks Tom ! just for curious, why this problem don''t appear early ? I used this system with CLAMPMSS=No, for at least 6 months, and never happens this problem .... Thanks again ! Tom Eastep disse:> On Wednesday 08 March 2006 13:01, Cristian Rodriguez wrote: >> Cleiton Peres Reis wrote: >> > Hello ! >> > >> > Iam having problem to access POP accounts from my LAN, and I don''t know >> > if this have any relation with shorewall or netfilter. >> > >> > When I try to acess any POP accounts in the Internet, it gives me >> > timeout. I try with : outlook and thunderbird in Windows98. >> > >> > From a Linux desktop I try to use telnet to test : >> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-> >-=-=->> users@desktop:$ telnet remoteserver.com 110 >> > Trying 200.x.x.x ... >> > Connected to remoteserver.com. >> > Escape character is ''^]''. >> > +OK POP3 remoteserver.com v2003.83 server ready >> > USER users >> > +OK User name accepted, password please >> > PASS password >> > +OK Mailbox open, 3 messages >> > retr 1 >> > >> > freeze...... >> > and >> > timeout.... >> >> shorewall clear solves the problem? >> >> 1. seems ( since Im guessing you don''t provide ANY CLUE about your >> configuration ) the destination server is broken. >> >> 2. what you need is IMAP, trust me ;-) >> >> 3. if you don''t provide any clue about how your configuration looks, >> relevant log messages, is very unlikely somebody will help you. >> >> read the support instructions. >> http://www.shorewall.net/support.html > > While I agree with Cristian that we can solve your problem much more quickly > if you follow the support guide when reporting the problem, I can offer one > guess -- did you follow the QuickStart Guide instructions regarding CLAMPMSS? > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Cleiton Peres Reis Servidores Linux. DoctorNet Redes e Conectividade Ltda Rua General Osorio, 1092 Centro - CEP 96020-000 - Pelotas/RS =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
Hello everybody, I nedd to route all traffic from my eth1 to tun0. How can I do that?? Thanks a lot ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
On Thursday 09 March 2006 07:11, Javier Pardo wrote:> Hello everybody, I nedd to route all traffic from my eth1 to tun0. How can > I do that??Please don''t hijack another thread -- start your own. Your problem has nothing to do wo "POP3 access timeout. (solved) so why would you post under that title. And when you start your new thread, please give us some details. Given that you have a ''tun0'' device, it sounds like you might be using OpenVPN; if so, there is a lot of information on the Shorewall website about using Shorewall with OpenVPN so I recommend that you check there first. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Cleiton Peres Reis wrote:> Sorry, my fault I will remember in next post :-) > > but your guess about CLAMPMSS works !! > > I put CLAMPMSS=Yes, and everything works fine now. Thanks Tom ! > > just for curious, why this problem don''t appear early ? I used this system with > CLAMPMSS=No, for at least 6 months, and never happens this problem .... >most likely your ISP has changed policies or something.
On Thursday 09 March 2006 11:58, Cristian Rodriguez wrote:> Cleiton Peres Reis wrote: > > Sorry, my fault I will remember in next post :-) > > > > but your guess about CLAMPMSS works !! > > > > I put CLAMPMSS=Yes, and everything works fine now. Thanks Tom ! > > > > just for curious, why this problem don''t appear early ? I used this > > system with CLAMPMSS=No, for at least 6 months, and never happens this > > problem .... > > most likely your ISP has changed policies or something.CLAMPMSS=Yes works around broken MTU discovery. There are fools everwhere who somehow believe that "ICMP is evil and must be blocked". All you need is one of these idiots administering a router between your client computers and a server that they are trying to connect to and you get the problem that you were seeing. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key