Re: [leaf-user] Dachstein - can't reach mail server on DMZ

Sat, 05 Oct 2002 18:54:30 -0700 

As I look through the firewall ruleset ... the input chain specifically ... 
I don't see a rule to ACCEPT port-25 traffic. Nor do I see one to ACCEPT 
port-80 traffic (but you did say the Web server worked, didn't you?).

WIth that as a hint, I *think* I've spotted the error in the config file. 
It is here:

         DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
                 tcp_${DMZ_NET}_domain
                 tcp_${DMZ_NET}_www
                 tcp_${DMZ_NET}_smtp"

Now first a word of caution ... I'm probably the worst shell scripter in 
the LEAF crowd, so I may be reading this wrong ... but since newline is the 
line delimiter for shell scripts, you shouldn't try to spread this variable 
over several lines without using the continue (\) character. Even that 
might not work, since the text is quoted ...  but it *might* work, even 
with cuotes, since apparently it works with the backtick, as here:

         EXTERN_IP=`ip addr list label $EXTERN_IF | \
                 grep inet | sed '1!d' | \
                 sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`

In any case, as written, this line looks like trouble to me, and I do note 
that only the first of the four entries here manages to generate an ACCEPT 
rule in the input chain. Try putting all of this on one line and see if 
that fixes your problem.

At 09:04 PM 10/5/02 -0400, Bob Skaroff comcast.net wrote:
>Thanks for responding, Ray.
>I have added the diagnostic info described at leaf support.
>
>I'm running Dachstein linux 4.0.6 with private.network at 192.168.1 and
>dmz.network at 192.168.2.
>The web server on dmz.network can be reached from the net.
>Mail sent to the mail server on dmz.network returns an error message to the
>sender.
>I've tried varying the coding of the DMZ_OPEN_DEST and DMZ_SERVER parameters
>in network.conf without success.
[details deleted]


--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                   -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to