On Tuesday 04 June 2002 11:18 pm, Michael Hudin wrote: > I've always assumed that the numbers in the brackets were port allowances
No, they're not (although I can't say what they are - I don't use iptables-save). If you look at the numbers, many of them are larger than 65535, so they're certainly not port numbers :-) > Here are my tables: > > *nat > > :PREROUTING ACCEPT [241:88600] > :POSTROUTING ACCEPT [0:9862] > :OUTPUT ACCEPT [68:4275] > > *mangle > > :PREROUTING ACCEPT [18365:3221456] > :INPUT ACCEPT [10886:760348] > :FORWARD ACCEPT [7269:2438049] > :OUTPUT ACCEPT [8009:752540] > :POSTROUTING ACCEPT [15177:3182145] > > *filter > > :INPUT ACCEPT [0:229546] > :FORWARD ACCEPT [363:1553786] > :OUTPUT ACCEPT [2:619341] I find this interesting - you have a default ACCEPT policy on all your chains - specifically on FORWARD, and I cannot see any rules you have included which DROP or REJECT packets..... so is there really any filtering going on in your firewall, or is it in fact just an open router doing some network address translation !? I know this doesn't exactly solve your problem, but I wonder if it means the problem isn't on your firewall ? Perhaps you could check the routing table on your SMTP server - what does it have for a default gateway address ? Antony.
