firewall ports not working

Alexander Dalloz ad+lists at uni-x.org
Sat Jul 23 16:32:52 UTC 2005


On Sat, 23.07.2005 at 15:52, Eric Wagar wrote:

> > Please post the output of "service iptables status". What you posted in
> > your first mail was incomplete and probably hides the problem.
> 
> The previous output was from what I thought was the relevant file
> information from /etc/sysconfig/iptables.  But, the following output
> is the service output:

> Table: filter
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0 limit: avg 2/sec burst 5
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp multiport sports 20,25
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spts:2224:2225
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp multiport sports 8009,8080
> 
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 2/sec burst 5
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp multiport dports 21,80,6969
> ACCEPT     tcp  --  209.25.194.144/28    209.25.194.144/28   tcp dpt:53
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:2224:2225
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp multiport dports 8009,8080
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Looks like it should allow traffic on port 25. If you switch off
iptables by running "service iptables stop", are you able to connect to
Postfix by using telnet to port 25 from another host? With iptables on,
can you only reach port 25 on localhost?

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 18:30:54 up 7 days, 23:03, load average: 0.50, 0.60, 0.64 
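
Added example, not part of the original message: a first-match walk over the RH-Firewall-1-INPUT chain quoted above, showing which rule decides a new TCP connection to a given port. It assumes the first rule, which lists no match criteria, is limited to an interface (such as loopback) that this listing does not display without -v; the function names, the bare_rule_is_lo flag and the addresses used to call it are constructed for this example, and only TCP destination ports, connection state and addresses are modelled.

```python
import ipaddress
import re

# Rules copied from the chain quoted above (wrapped lines rejoined, padding collapsed).
CHAIN = """\
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 2/sec burst 5
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp multiport dports 21,80,6969
ACCEPT tcp -- 209.25.194.144/28 209.25.194.144/28 tcp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:2224:2225
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp multiport dports 8009,8080
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def port_ok(extra, dport):
    """True if the rule has no destination-port match or dport satisfies it."""
    m = re.search(r"dpt:(\d+)", extra)
    if m:
        return dport == int(m.group(1))
    m = re.search(r"dpts:(\d+):(\d+)", extra)
    if m:
        return int(m.group(1)) <= dport <= int(m.group(2))
    m = re.search(r"multiport dports ([\d,]+)", extra)
    if m:
        return dport in {int(p) for p in m.group(1).split(",")}
    return True

def first_match(proto, src, dst, dport, state="NEW", bare_rule_is_lo=True):
    """Return (rule_number, target) of the first rule the packet matches."""
    for n, line in enumerate(CHAIN.splitlines(), 1):
        target, prot, _opt, source, dest, *rest = line.split()
        extra = " ".join(rest)
        if not extra and bare_rule_is_lo:
            continue  # assumption: hidden interface match, not shown without -v
        if prot not in ("all", proto):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(source):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(dest):
            continue
        m = re.search(r"state (\S+)", extra)
        if m and state not in m.group(1).split(","):
            continue
        if prot == "tcp" and not port_ok(extra, dport):
            continue
        return n, target
    return None, "policy ACCEPT"
```

Calling first_match("tcp", "192.0.2.10", "198.51.100.5", 25) returns rule 5 with target ACCEPT, which agrees with the reading that the chain should allow port 25; a port with no ACCEPT rule falls through to the final REJECT.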