EXTERN_TCP_PORTS="0/0_25"
to allow anyone on the internet to send you e-mail, and you'll probably have a lot better luck.
Did it and still not receiving. Also tried Mike's suggestion to remove the $ from INTERN_SERVERS="tcp_$192.168.1.2_smtp_10.10.10.200_smtp". Backed up the firewall and rebooted, still nothing.
output from netstat -nr still looks the same
here's the output from ipchains -nvL
Chain input (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
18 1296 DENY udp ------ 0xFF 0x00 eth0 192.168.1.1 0.0.0.0/0 * -> 520
0 0 DENY udp ------ 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 * -> 68
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 13 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 14 -> *
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 10.10.10.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.1.2 0.0.0.0/0 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 127.0.0.0/8 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 10.10.10.0/24 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
87 6786 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
6 492 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
20 4453 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
19 936 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 25
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 113
612 214K ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 REJECT udp ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 68
0 0 DENY udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 67
26 4235 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 ACCEPT icmp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
194 19071 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 161:162 -> *
722 50654 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> *
12 624 MASQ tcp ------ 0xFF 0x00 * 10.10.10.200 0.0.0.0/0 25 -> *
628 44894 MASQ all ------ 0xFF 0x00 eth0 10.10.10.0/24 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
1558 294K fairq all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 eth0 10.10.10.0/24 0.0.0.0/0 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
4 176 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
1554 293K ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
Chain fairq (1 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 520
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 520 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 179
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 179 -> *
10 494 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
8 564 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
27 2097 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
25 4089 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 23
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 23 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 22
61 4495 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 22 -> *
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
This is the last of the input rules for the external interface. Attempted connections to the smtp port should be hitting this rule and getting denied (and logged). The fact that there are no packets that match this rule at all means you have not blocked any packets with the default deny... either the box was on a very short amount of time, or you're on a really quiet IP range and don't have any friends (or haven't updated your MX records yet :)
It was only on for about an hour--just long enough to set everything up and test it out. Since the server is live I can only make changes to it when the office is empty or it'll disrupt the workflow.
What does it mean to update the MX records?
subnet 10.10.10.0 netmask 255.255.255.0 {
option routers 10.10.10.254;
option domain-name "esimail.org";
option domain-name-servers 208.57.0.10;
range 10.10.10.1 10.10.10.199;
}
Should I change or add something else?
This looks OK, assuming 208.57.0.10 is your ISP's DNS server. The domain-name-servers option should be 10.10.10.254 if you want to use DNSCache. Note that you are only providing one DNS server to your dhcp clients, while in the network.conf settings above you have a primary and secondary entry. If the 208.57.0.10 machine is not working properly, your firewall (and any other systems with both DNS IPs) will automatically use the other system, while machines configured via dhcp will simply fail.
I'm assuming this is a space separated list so to add the secondary DNS server it'll be something like:
option domain-name-servers 208.57.0.10 208.57.0.11;
I suspect, however, the difference between the working and non-working systems on your internal network relates to DNS. Run "ipconfig /all" on your internal systems, and compare the DNS settings. Once you figure out which settings work, and which are broken, we can begin to determine why, and fix the problem.
Gonna focus on working on the Exchange server first then worry about this...
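Added example, not part of the original thread: ipchains walks a chain top to bottom and the first matching rule decides the packet, so the per-rule counters in the listing show where inbound SMTP actually lands. The sketch below replays that first-match logic over a few input-chain rows copied from the listing (wrapped lines rejoined); the function names and the 203.0.113.7 test source are constructed for illustration.

```python
import ipaddress

# Rows copied from the input chain above (subset, wrapped lines rejoined).
INPUT_CHAIN = """\
0 0 DENY all ------ 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.1.2 0.0.0.0/0 n/a
6 492 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
19 936 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 25
612 214K ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
722 50654 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
"""

def port_range(spec):
    """Turn '*', '25' or '138:139' into an inclusive (low, high) tuple."""
    if spec == "*":
        return (0, 65535)
    lo, _, hi = spec.partition(":")
    return (int(lo), int(hi or lo))

def parse_rule(line):
    """Parse one row whose mark/outsize columns are empty, as in the input chain."""
    f = line.split()
    rule = {"pkts": f[0], "target": f[2], "proto": f[3], "iface": f[7],
            "src": ipaddress.ip_network(f[8]),
            "dst": ipaddress.ip_network(f[9]),
            "dports": None}
    if f[10] != "n/a":  # "sport -> dport"; only the destination port is checked
        rule["dports"] = port_range(f[12])
    return rule

def first_match(rules, iface, proto, src, dst, dport):
    """Return (rule number, target, packet counter) of the first matching rule."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, r in enumerate(rules, 1):
        if r["iface"] not in ("*", iface) or r["proto"] not in ("all", proto):
            continue
        if src not in r["src"] or dst not in r["dst"]:
            continue
        if r["dports"] and not r["dports"][0] <= dport <= r["dports"][1]:
            continue
        return n, r["target"], r["pkts"]
    return None  # fell off the end: the chain policy (DENY here) applies

RULES = [parse_rule(l) for l in INPUT_CHAIN.splitlines()]

if __name__ == "__main__":
    # Inbound SMTP from a constructed external address to the firewall's eth0.
    print(first_match(RULES, "eth0", "tcp", "203.0.113.7", "192.168.1.2", 25))
    # Inbound telnet reaches the catch-all DENY, whose counter is still 0.
    print(first_match(RULES, "eth0", "tcp", "203.0.113.7", "192.168.1.2", 23))
```

A non-zero counter on the port 25 ACCEPT row together with a zero counter on the catch-all DENY is the same evidence the reply reads off the listing by hand.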
