firewall ports not working

Alexander Dalloz ad+lists at uni-x.org
Sat Jul 23 00:52:49 UTC 2005


On Sat, 23.07.2005 at 2:44, Eric Wagar wrote:

> I have the following in my iptables:
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp -m icmp -m limit --icmp-type echo-request
> --limit 2/second -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> # SSH
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
> # Mail
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports
> 21,80,6969
> # DNS
> -A RH-Firewall-1-INPUT -p tcp -m tcp -s 209.25.194.144/255.255.255.240
> -d 209.25.194.144/255.255.255.240 --dport 53 -j ACCEPT
> # SideKick Chat Server
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 2224:2225 -j ACCEPT
> # SideKick Streaming Server
> -A RH-Firewall-1-INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports
> 8009,8080
> # Pings
> -A OUTPUT -p icmp -m icmp -m limit --icmp-type echo-reply --limit
> 2/second -j ACCEPT
> # Outbound FTP and Mail
> -A OUTPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 20,25
> # SideKick Chat Server
> -A OUTPUT -p tcp -m tcp --sport 2224:2225 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> # SideKick Streaming Server
> -A OUTPUT -p tcp -m tcp -m multiport -j ACCEPT --sports 8009,8080
> COMMIT
> 
> Unfortunately, for whatever reason, I get no response when I try to
> telnet to port 25.  Do I miss some port somewhere when I was setting
> this up?

> eric

In the default setup, the MTAs Sendmail and Postfix (both Core - not sure how
exim from Extras is configured as shipped) are bound to localhost only.

netstat -alpen | grep ":25"

That command will show you whether you changed the configuration so that
the MTA is not only listening on 127.0.0.1:25. If you need to
reconfigure, then for Sendmail edit the commented part in
/etc/mail/sendmail.mc and restart the daemon afterwards; for Postfix run

postconf -e "inet_interfaces = all"

and restart it.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 02:49:06 up 7 days, 7:21, load average: 0.13, 0.15, 0.17 
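
The check from the reply above, as an added example that is not part of the original message: an ACCEPT rule for port 25 has no effect if the MTA only listens on 127.0.0.1, so this classifies the listener from `netstat -alpen`-style output. The function names and the sample netstat lines (PIDs, inodes) are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is bound, from `netstat -alpen`-style lines on stdin.
# Prints: not-listening | loopback-only | specific-address | all-interfaces
classify_listener() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Column 4 is the local address; the port follows the last colon.
            if (!match($4, /:[0-9]+$/)) next
            host = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            found = 1
            if (host == "0.0.0.0" || host == "::" || host == "*") wild = 1
            else if (host !~ /^127\./ && host != "::1")            other = 1
        }
        END {
            if (!found)     print "not-listening"
            else if (wild)  print "all-interfaces"
            else if (other) print "specific-address"
            else            print "loopback-only"   # firewall rule cannot help here
        }'
}

# Constructed sample: MTA as shipped, bound to localhost only.
sample_default() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  User Inode PID/Program name
tcp        0      0 127.0.0.1:25    0.0.0.0:*       LISTEN 0    5123  1876/sendmail: acce
tcp        0      0 :::22           :::*            LISTEN 0    4711  1650/sshd
EOF
}

# Constructed sample: after reconfiguring the MTA to listen on all interfaces.
sample_reconfigured() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  User Inode PID/Program name
tcp        0      0 0.0.0.0:25      0.0.0.0:*       LISTEN 0    6201  2044/master
EOF
}

for s in sample_default sample_reconfigured; do
    printf '%s: port 25 is %s\n' "$s" "$($s | classify_listener 25)"
done
```

On a live host, feed it real output with `netstat -alpen | classify_listener 25`.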