* Steve Manes <[EMAIL PROTECTED]> [001210 12:06]:
> At 08:47 AM 12/10/00 -0800, Phil Oester wrote:
> >Your output rule for port 25 is definitely the problem.  Contrary to your
> >belief, it is filtering outbound traffic on eth0.  Personally, I don't think
> >that's such a good idea - my firewall allows everything outbound, and only
> >filters inbound.  Try changing your SMTP output rule to this:
> >
> >/sbin/ipchains -A output -j ACCEPT -i $EXTERNAL_INTERFACE -p tcp -s $IPADDR 25 -d 0.0.0.0/0
> 
> Thanks for the help.  I tried it but unfortunately it's still 
> blocking.  Here's the /var/log/messages.  It looks like the same error.  I 
> also tried removing the "! -y" in the original IPCHAINS arguments and that 
> didn't help either.

Most likely, you have a rule in the output chain that has a higher
precedence that is blocking the outgoing traffic. By adding a rule like:

  /sbin/ipchains -I output 1 -j ACCEPT -i $EXTERNAL_INTERFACE -p tcp -s $IPADDR -d 0/0 25

(Note that port 25 is the *destination* port also, NOT the source port.)
Also, you might check the output chain to ensure that a block is actually
there:

  /sbin/ipchains -L output -n | grep " 25"

See what that turns up. Finally, you might check with the firewall software
author or support list, since it would seem that that is where the problem
apparently lies.

/pg
-- 
Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
---
If I ever opened a trampoline store, I don't think I'd call it Tramp-Land, 
because you might think it was a store for tramps, which is not the impression 
we are trying to convey with our store. On the other hand, we would not 
prohibit tramps from browsing, or testing the trampolines, unless a tramp's 
gyrations seemed to be getting out of control.
 (Jack Handey)
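
An added example, not part of the original thread: a small Python model of first-match chain evaluation, showing why an appended ACCEPT can be shadowed by an earlier rule and why the port must be given as the destination. The earlier DENY rule, the packet's source port, and all names here are constructed assumptions, since the poster's actual ruleset is not shown.

```python
# Minimal model of first-match evaluation in an ipchains-style chain.
# Rules and packet are constructed sample data, not the poster's ruleset.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                   # "ACCEPT" or "DENY"
    sport: Optional[int] = None   # None matches any source port
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, sport: int, dport: int) -> bool:
        return self.sport in (None, sport) and self.dport in (None, dport)

def verdict(chain, sport, dport, policy="ACCEPT"):
    """Return (target, 1-based index) of the first matching rule, else the policy."""
    for i, rule in enumerate(chain, start=1):
        if rule.matches(sport, dport):
            return rule.target, i
    return policy, None

# Outbound SMTP from the firewall host: ephemeral source port, destination 25.
PKT = {"sport": 34567, "dport": 25}

def base_chain():
    # Hypothetical earlier rule standing in for whatever the firewall script added.
    return [Rule("DENY", dport=25)]

def append_rule(rule):    # models `ipchains -A output ...` (rule goes last)
    return base_chain() + [rule]

def insert_first(rule):   # models `ipchains -I output 1 ...` (rule goes first)
    return [rule] + base_chain()

if __name__ == "__main__":
    cases = {
        "-A, source port 25": append_rule(Rule("ACCEPT", sport=25)),
        "-A, dest port 25": append_rule(Rule("ACCEPT", dport=25)),
        "-I 1, source port 25": insert_first(Rule("ACCEPT", sport=25)),
        "-I 1, dest port 25": insert_first(Rule("ACCEPT", dport=25)),
    }
    for label, chain in cases.items():
        target, idx = verdict(chain, **PKT)
        print(f"{label:22s} -> {target} (decided by rule {idx})")
```

Only the last case accepts the packet: the rule has to sit ahead of the blocking rule and match on destination port 25.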
