On Tue, 23 Dec 2003 22:13:34 -0600, Lynn Avants wrote:

> Kory.
> <SNIP>
> It took me about 4 days to get everything setup correctly the first
> time.... then life got much easier. This may not be much comfort, but you
> might want to take a day off and let your mind clear. Reading all the
> different docs (I know you've read) on these programs and trying to
> swallow all the information at once tends to really muddy the water.
> There is something wrong with a configuration file or the logic of
> your setup and a days rest is what allowed everything to clear up
> again.
>
> After a mental rest, post the current config files to tinydns, qmail, the
> `ls -l` output of your user directories, the complete topology of your
> network, and the forwarding chains (from shorewall) to indicate
> what services are being allowed and forwarded.

Lynn and all,

Happy Holiday Wishes!!!

After a great home holiday I have done as Lynn suggests and put this
problem aside for a day. I am posting this as a fresh start to debugging
my DMZ web and mail server issues.

Rather than try some fancy ASCII art, I am just going to describe my
network setup. It is quite simple: cable modem access to the internet,
connected to a Bering 1.2 router with 3 interfaces set to the default
config for a system with a DMZ. The router acts as a small file server for
mail client storage with a small IDE disk and Samba.

eth0 - external I/F, DHCP
eth1 - connects to the loc LAN, mostly Windows boxen using DHCP but
       assigns fixed IPs based on MAC address; domain is kroffts.home,
       192.168.1
eth2 - DMZ, connects to a single machine running stripped-down Bering 1.2
       with weblet, ssh and qmail; domain is kroffts.dmz, 192.168.10

The plan is to have the DMZ host a mail server and web server for the
domain kroffts.com, which is registered at dnsexit.com, who provide the
dynamic DNS service which points to my IP as updated with ez-ipupdate. My
goal is to host my own email so I can set my own limits on message size
and have [EMAIL PROTECTED] without paying fees to a hosting service.
Additionally I am trying to learn new skills in how to set up and
configure such services. The web server is a bonus over the mail server
and will host very simple semi-private pages.

So far, the web server works and is visible from outside the network but
not from inside since I changed the DMZ domain from kroffts.com to
kroffts.dmz. Qmail is running but with the domain set to kroffts.dmz I
cannot send mail or receive it. While testing with the DMZ domain set to
kroffts.com I was able to send and receive mail but POP access was very
slow and some mail clients would time out. The user lrpqmail was the only
one able to receive mail.

Now the config files:

Router==========================================

packages in use
1) initrd 2) ezipupd 3) local 4) modules 5) pump 6) shorwall 7) ulogd
8) samba 9) dhcpd 10) dnscache 11) tinydns 12) weblet

/etc/hosts
127.0.0.1      localhost.kroffts.home localhost
192.168.1.254  markii
192.168.1.1    coventry.kroffts.home coventry
192.168.10.1   kroffts.dmz dmz kroffts_web

/etc/resolv.conf
domain kroffts.home
nameserver 127.0.0.1
nameserver 192.168.1.254

/etc/tinydns-private/env/DNSTYPE
PRIVATE

/etc/tinydns-private/env/IP
127.0.0.1

/etc/tinydns-private/env/DOMAINS
1.168.192.in-addr.arpa kroffts.home 10.168.192.in-addr.arpa kroffts.dmz

/etc/tinydns-private/root/data
=localhost:127.0.0.1
localhost:127.0.0.1:a
1.0.0.127.in-addr.arpa:127.0.0.1:a
kroffts.home:127.0.0.1:a
1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.home:192.168.1.1

/etc/shorewall/rules
#ACTION  SOURCE  DEST                  PROTO  DEST     SOURCE   ORIGINAL
#                                             PORT     PORT(S)  DEST
#
# Accept DNS connections from the firewall to the network
#
DROP     net     fw                    tcp    67,68
DROP     net     fw                    tcp    4662
DROP     net     fw                    udp    4662
DROP     net     fw                    icmp   8
ACCEPT   fw      net                   tcp    80
ACCEPT   fw      net                   tcp    53
ACCEPT   fw      net                   udp    53
ACCEPT   dmz     net                   tcp    53
ACCEPT   dmz     net                   udp    53
ACCEPT   dmz     fw                    tcp    53
ACCEPT   dmz     fw                    udp    53
#
# Accept SSH connections from the local network for administration of the DMZ
#
ACCEPT   loc     dmz                   tcp    22
#
# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT   loc     fw                    udp    53
ACCEPT   loc     fw                    tcp    80
#
# Enable Samba ports
ACCEPT   loc     fw                    udp    137,138
ACCEPT   loc     fw                    tcp    139
#
# Open http and mail ports on dmz
DNAT     net     dmz:192.168.10.1:80   tcp    80
DNAT     net     dmz:192.168.10.1      tcp    25
DNAT     net     dmz:192.168.10.1      udp    25
ACCEPT   dmz     fw                    tcp    113    # Added for qmail reverse lookup
ACCEPT   loc     dmz                   tcp    25
ACCEPT   dmz     net                   tcp    110
ACCEPT   loc     dmz                   tcp    110
ACCEPT   loc     dmz                   udp    110
ACCEPT   loc     dmz                   tcp    80
DNAT     net     dmz:192.168.10.1      tcp    110
DNAT     net     dmz:192.168.10.1      udp    110
DNAT     loc     dmz:192.168.10.1:80   tcp    80     -        24.210.193.152
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

DMZ=================================================

Packages loaded
1) initrd 2) local 3) modules 4) pump (not currently used) 5) daemontl
6) qmail 7) sshd 8) weblet

/etc/network/interfaces
iface eth0 inet static
    address 192.168.10.1
    masklen 24
    broadcast 192.168.10.255
    gateway 192.168.10.254

/etc/resolv.conf
domain kroffts.dmz
nameserver 127.0.0.1
nameserver 192.168.1.254
nameserver 192.168.10.254

Qmail stuff

/var/qmail/control/me
kroffts.dmz

/var/qmail/control/rcpthosts
kroffts.dmz
kroffts.com
kroffts.home

/var/qmail/control/locals
kroffts.dmz

/var/qmail/control/defaultdomain
kroffts.dmz

/var/qmail/control/plusdomain
kroffts.dmz

/var/qmail/service/pop3d/run
#!/bin/sh
exec /usr/bin/softlimit -m 2000000 \
    /usr/bin/tcpserver -v -R 0 pop-3 /var/qmail/bin/qmail-popup \
    kroffts.dmz /usr/bin/checkpassword /var/qmail/bin/qmail-pop3d \
    Maildir 2>&1

/etc/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.:allow,RELAYCLIENT=""

# ls -l /home/lrpqmail
drwx------    5 lrpqmail lrpqmail      100 Dec 24 18:46 Maildir

# ls -l /server/home/kkrofft
drwx------    5 kkrofft  mailuser      120 Dec 16 23:11 Maildir

Thanks to all who are able to suggest what I need to fix. I am sure I
need work on the tinydns config on the router and some user config
assistance on the qmail server side.
Thank you,
Kory Krofft

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
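Added after the whole message as a worked check (this is example code of mine, not part of Kory's post, of LEAF/Bering, or of the Shorewall and tinydns projects). It parses the posted /etc/shorewall/rules the way Shorewall 1.x lays it out (ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT ORIGINAL-DEST), reports every rule that allows or DNATs UDP to a port whose service is TCP-only (SMTP on 25 and POP3 on 110 never use UDP, so those rules match nothing), lists what the net zone can reach, and lints the tinydns data file: tinydns-data rejects any line whose first character is not a record type, and the env/DOMAINS entries with no record at all are reported. The embedded inputs are constructed from the lines in the post, trimmed to the ones that matter; whether the posted data file really has no leading record-type characters or lost them in transit, only the poster can say. Function names are my own.

```python
"""Lint the Shorewall rules and tinydns data file posted above.

Added example for this thread; it is not part of the original post, of
LEAF/Bering, or of Shorewall/tinydns themselves.  The sample inputs are
copied from the post (trimmed to the lines that matter); the function
names are my own.
"""
from collections import defaultdict

# Services the post forwards into the DMZ that only ever speak TCP.
# Rules allowing or DNATing UDP to these ports match no real traffic.
TCP_ONLY_PORTS = {"22": "ssh", "25": "smtp", "80": "http", "110": "pop3"}

# Leading record-type characters tinydns-data accepts (djbdns 1.05).
# Any other first character makes tinydns-data reject the whole file.
TINYDNS_TYPES = set(".&=+@'^CZ:-%#")

# Constructed input: the relevant lines of the posted /etc/shorewall/rules.
SHOREWALL_RULES = """\
#ACTION SOURCE DEST PROTO DESTPORT SOURCEPORT ORIGINALDEST
DROP net fw tcp 67,68
ACCEPT loc dmz tcp 22
DNAT net dmz:192.168.10.1:80 tcp 80
DNAT net dmz:192.168.10.1 tcp 25
DNAT net dmz:192.168.10.1 udp 25
ACCEPT loc dmz tcp 110
ACCEPT loc dmz udp 110
DNAT net dmz:192.168.10.1 tcp 110
DNAT net dmz:192.168.10.1 udp 110
DNAT loc dmz:192.168.10.1:80 tcp 80 - 24.210.193.152
"""

# Constructed input: the posted env/DOMAINS list and root/data file, exactly
# as they appear in the post.
TINYDNS_DOMAINS = ["1.168.192.in-addr.arpa", "kroffts.home",
                   "10.168.192.in-addr.arpa", "kroffts.dmz"]
TINYDNS_DATA = """\
=localhost:127.0.0.1
localhost:127.0.0.1:a
1.0.0.127.in-addr.arpa:127.0.0.1:a
kroffts.home:127.0.0.1:a
1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.home:192.168.1.1
"""


def parse_rules(text):
    """Split a Shorewall 1.x rules file into dicts, one per active rule."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        f = line.split()
        if len(f) < 4:
            raise ValueError("rule needs ACTION SOURCE DEST PROTO: %r" % line)
        rules.append({
            "action": f[0], "source": f[1], "dest": f[2],
            "proto": f[3].lower(),
            "dport": f[4] if len(f) > 4 else "-",
            "sport": f[5] if len(f) > 5 else "-",
            "origdest": f[6] if len(f) > 6 else "-",
        })
    return rules


def udp_on_tcp_only_service(rules):
    """Rules that allow or forward UDP to a port whose service is TCP-only."""
    hits = []
    for r in rules:
        if r["proto"] != "udp":
            continue
        for port in r["dport"].split(","):
            if port in TCP_ONLY_PORTS:
                hits.append((r["action"], r["source"], r["dest"],
                             port, TCP_ONLY_PORTS[port]))
    return hits


def internet_exposed_ports(rules):
    """(proto, port) pairs the net zone may reach, keyed by destination zone."""
    exposed = defaultdict(set)
    for r in rules:
        if r["source"] == "net" and r["action"] in ("ACCEPT", "DNAT"):
            zone = r["dest"].split(":")[0]      # 'dmz:192.168.10.1:80' -> 'dmz'
            for port in r["dport"].split(","):
                exposed[zone].add((r["proto"], port))
    return {zone: sorted(ports) for zone, ports in exposed.items()}


def tinydns_lint(data, domains):
    """Return (lines tinydns-data would reject, DOMAINS entries with no record)."""
    bad, names = [], []
    for line in data.splitlines():
        if not line.strip():
            continue
        if line[0] not in TINYDNS_TYPES:
            bad.append(line)
            continue
        if line[0] not in "#%":                # comments and locations name nothing
            names.append(line[1:].split(":")[0])
    uncovered = [d for d in domains
                 if not any(n == d or n.endswith("." + d) for n in names)]
    return bad, uncovered


if __name__ == "__main__":
    rules = parse_rules(SHOREWALL_RULES)
    for hit in udp_on_tcp_only_service(rules):
        print("UDP rule for TCP-only service:", hit)
    print("exposed to net:", internet_exposed_ports(rules))
    bad, uncovered = tinydns_lint(TINYDNS_DATA, TINYDNS_DOMAINS)
    for line in bad:
        print("tinydns-data will reject:", line)
    print("DOMAINS without a record:", uncovered)
```

To run it against the real files on the router, replace the two constructed strings with the contents of /etc/shorewall/rules and /etc/tinydns-private/root/data and the list with the words in env/DOMAINS; the exposure report is the quickest way to confirm that only the intended DMZ services are reachable from the net zone after each edit.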