Hi

I have shorewall/iptables running on my server (pub) but access to localhost is blocked when I attempt to use ping localhost, telnet localhost 25, echo Hello | sendmail -v root@localhost. All these commands were run after using shorewall reset and creating the attached file. All these commands work with shorewall clear.

My problem is I can't email the root messages from (pub) to (nor) where they are forwarded on to my mail accounts at my isp. Any attempt to send mail is met with "Connection timed out with [127.0.0.1]". Something has changed, possibly as my fault during changing the smart host to (nor) from another computer.

Thank you
Jim

------------------------------------------------------------------------------
Hi

Sorry about the last post being in html. But apparently I cannot add an attachment to this one. So see the last post for the status.txt.gz

I have shorewall/iptables running on my server (pub) but access to localhost is blocked when I attempt to use ping localhost, telnet localhost 25, echo Hello | sendmail -v root@localhost. All these commands were run after using shorewall reset and creating the attached file. All these commands work with shorewall clear.

My problem is I can't email the root messages from (pub) to (nor) where they are forwarded on to my mail accounts at my isp. Any attempt to send mail is met with "Connection timed out with [127.0.0.1]". Something has changed, possibly as my fault during changing the smart host to (nor) from another computer.

Thank you
Jim

------------------------------------------------------------------------------
On 3/18/11 6:22 PM, hoodcanaljim@usa.com wrote:
>
> Hi
> I have shorewall/iptables running on my server (pub) but access to
> localhost is blocked when I attempt to use ping localhost, telnet
> localhost 25, echo Hello | sendmail -v root@localhost. All these
> commands were run after using shorewall reset and creating the attached
> file. All these commands work with shorewall clear.
>
> My problem is I can't email the root messages from (pub) to (nor) where
> they are forwarded on to my mail accounts at my isp. Any attempt to
> send mail is met with "Connection timed out with [127.0.0.1]".
> Something has changed, possibly as my fault during changing the smart host
> to (nor) from another computer.

Jim,

Posting repeatedly does not get you faster service. It is 9:13pm here. The Huskies are playing in the NCAA tournament on TV and I'm not going to look at your posts until tomorrow. So enjoy your view of Hood Canal and check back in tomorrow.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
On 3/18/11 6:22 PM, hoodcanaljim@usa.com wrote:
>
> Hi
> I have shorewall/iptables running on my server (pub) but access to
> localhost is blocked when I attempt to use ping localhost, telnet
> localhost 25, echo Hello | sendmail -v root@localhost. All these
> commands were run after using shorewall reset and creating the attached
> file. All these commands work with shorewall clear.
>
> My problem is I can't email the root messages from (pub) to (nor) where
> they are forwarded on to my mail accounts at my isp. Any attempt to
> send mail is met with "Connection timed out with [127.0.0.1]".
> Something has changed, possibly as my fault during changing the smart host
> to (nor) from another computer.

Jim,

Somehow, you have managed to install a blanket DNAT rule:

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   492 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0           to:192.168.1.7

I suspect you have something like this in /etc/shorewall/rules:

#ACTION SOURCE  DEST
DNAT-   $FW     192.168.1.7

Clearly, that is a very bad idea.

-Tom

------------------------------------------------------------------------------
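The check made by eye on the status dump in the message above can be scripted. This is an added example, not part of the original thread or of Shorewall: it scans `iptables -t nat -L -n -v` output for DNAT rules in the OUTPUT chain that match every protocol, interface, source and destination, which is the condition that sends even traffic for 127.0.0.1 to another host. The function names and the PREROUTING line (including `eth0`) are constructed for illustration; the OUTPUT line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: flag match-all DNAT rules in the nat OUTPUT chain.
# Expected input: output of `iptables -t nat -L -n -v`
# (columns: pkts bytes target prot opt in out source destination ...).

# Prints "CHAIN NEW-DESTINATION" for each DNAT rule in OUTPUT that has
# no protocol, interface, source or destination restriction.
find_blanket_dnat() {
    awk '
        $1 == "Chain" { chain = $2; next }   # remember the current chain
        $1 == "pkts"  { next }               # skip the column header
        chain == "OUTPUT" && $3 == "DNAT" && $4 == "all" &&
        $6 == "*" && $7 == "*" &&
        $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" {
            target = "unknown"
            for (i = 10; i <= NF; i++)        # find the to:ADDRESS option
                if ($i ~ /^to:/) target = substr($i, 4)
            print chain, target
        }
    '
}

# Sample listing. The PREROUTING rule is constructed (a port-limited DNAT
# that must not be flagged); the OUTPUT rule is the one from the thread.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 to:192.168.1.7

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   492 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0           to:192.168.1.7
EOF
}

# On a live host, as root: iptables -t nat -L -n -v | find_blanket_dnat
sample_listing | find_blanket_dnat
```

An empty result after restarting the firewall means no match-all DNAT remains in OUTPUT; rules limited by protocol, port or destination are deliberately not reported.

------------------------------------------------------------------------------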
On 3/18/11 6:22 PM, hoodcanaljim@u wrote:
>
> Hi
> I have shorewall/iptables running on my server (pub) but access to
> localhost is blocked when I attempt to use ping localhost, telnet
> localhost 25, echo Hello | sendmail -v root@localhost. All these
> commands were run after using shorewall reset and creating the attached
> file. All these commands work with shorewall clear.
>
> My problem is I can't email the root messages from (pub) to (nor) where
> they are forwarded on to my mail accounts at my isp. Any attempt to
> send mail is met with "Connection timed out with [127.0.0.1]".
> Something has changed, possibly as my fault during changing the smart host
> to (nor) from another computer.

Jim,

Somehow, you have managed to install a blanket DNAT rule:

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    7   492 DNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0           to:192.168.1.7

I suspect you have something like this in /etc/shorewall/rules:

#ACTION SOURCE  DEST
DNAT-   $FW     192.168.1.7

Clearly, that is a very bad idea.

-Tom

#########

Yes I have that. It is what's at the bottom of my rules file. I remember having changed it when I went from (pri) to (nor) for my mail forwarding. Unfortunately there were a couple of other lines there that I deleted and I don't know what they were.

What should I have there to allow localhost on (pub) and access to (nor) and (pri)?

Thanks
Jim

Why did the Huskies have to make it so close in the last minute??

------------------------------------------------------------------------------
Tom

I removed the line "DNAT $FW loc:192.168.1.7" from the end of the rules file. And all is running well.

Thank you
Go Huskies
Jim

------------------------------------------------------------------------------
On 3/19/11 2:21 PM, hoodcanaljim@usa.com wrote:
> Thank you
> Go Huskies

Go Dogs!

-Tom