I have the same issue with mine, and the -restore command was in my
rc.local.  I have attached my anaconda-ks.cfg.  I installed from QMT.iso,
not sure if that matters.  Maybe this helps.
 
Helmut

  _____  

From: Martin Waschbuesch [mailto:mar...@waschbuesch.de] 
Sent: Friday, November 12, 2010 9:21 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] iptables firewall issue


Hi Scott,
 
Perhaps if you still have the install kickstart file for the CentOS
installation in /root/anaconda-ks.cfg we could compare the settings?
If it is running CentOS that is...
 
Martin
 
From: Scott Hughes <mailto:sonicscott9...@gmail.com>  
Sent: Friday, November 12, 2010 3:44 PM    
To: qmailtoaster-list@qmailtoaster.com 
Subject: Re: [qmailtoaster] iptables firewall issue
 
Martin,

The problem turned out to be in the rc.local file. It was loading the basic
QMT firewall settings instead of the firewall settings in the iptables file.
Once I commented out that line in the rc.local file, it worked perfectly
(survived the reboot process).

I have two QMT boxes that had the same issue. I still have figured out why
it is set up this way.  There is no point in running the firewall.sh script
if it is just going to be ignored the next time the system reboots.

Scott


2010/11/11 Martin Waschbuesch <mar...@waschbuesch.de>


Hi Scott,
 
The important file for iptables which will be loaded at startup is in  
/etc/sysconfig/iptables
 
It is basically the same information you have in the firewall script, but in
a slightly different syntax. Perhaps you need to check if that file is on
the system and has valid content?
 
It should look something like this:
 
# Generated by iptables-save v1.3.5 on Thu Sep  9 17:00:22 2010
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [12:1444]
-A INPUT -i eth0 -f -j DROP
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -s 10.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -s 172.16.0.0/255.240.0.0 -i ! lo -j DROP
-A INPUT -s 192.168.0.0/255.255.0.0 -i ! lo -j DROP
-A INPUT -s 224.0.0.0/240.0.0.0 -i ! lo -j DROP
-A INPUT -s 240.0.0.0/240.0.0.0 -i ! lo -j DROP
-A INPUT -s 0.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -s 255.255.255.255 -i ! lo -j DROP
-A INPUT -s 169.254.0.0/255.255.0.0 -i ! lo -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 143 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5667 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Sep  9 17:00:22 2010
 
From: Scott Hughes <mailto:sonicscott9...@gmail.com>  
Sent: Thursday, November 11, 2010 5:40 PM
To: qmailtoaster-list@qmailtoaster.com 
Subject: [qmailtoaster] iptables firewall issue
 
All, 
 
I continue to have strange firewall issues.  The iptables firewall is acting
normal EXCEPT when the system gets restarted.  Then it is like it goes back
to some default setting and I have to log into the console and manually run the
firewall.sh script.  The script automatically saves the settings with
'service iptables save' and I have run this manually as well. Still having
the same issue.
 
Anyone out there have any ideas that might save my firewall settings through
restarts/reboots?
 
Thanks,
Scott
 

 

Attachment: anaconda-ks.cfg
Description: Binary data
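
Added example (not part of the original thread, and not QMT's own code): a shell check for the situation described above, where a line in rc.local reloads a different rule set after the iptables service has applied /etc/sysconfig/iptables. The function names and the /etc/rc.d/rc.local and /tmp paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: locate boot-time overrides of /etc/sysconfig/iptables.

# Print "LINENO:text" for every rc.local line that is not commented out and
# invokes iptables, iptables-restore, or a firewall*.sh script.
rc_local_firewall_lines() {
    grep -nE 'iptables|firewall[^[:space:]]*\.sh' "$1" |
        grep -vE '^[0-9]+:[[:space:]]*#'
}

# Make iptables-save output comparable: drop comment lines (they carry
# timestamps), drop blank lines, zero the [packets:bytes] counters.
normalize_rules() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' \
        -e 's/\[[0-9]*:[0-9]*\]/[0:0]/' "$1"
}

# Return 0 if both rule files describe the same rules; otherwise print a
# unified diff and return non-zero.
rules_match() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" > "$a"
    normalize_rules "$2" > "$b"
    rc=0
    diff -u "$a" "$b" || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# On the affected host (as root; paths assumed for CentOS):
#   rc_local_firewall_lines /etc/rc.d/rc.local
#   iptables-save > /tmp/running.rules
#   rules_match /etc/sysconfig/iptables /tmp/running.rules
```

Any line reported by the first function is a candidate for the override Scott found; a non-empty diff right after a reboot confirms that the running rules are not the ones saved by 'service iptables save'.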
