iptables firewall.... took me a while to find it on one of our leased FC1
servers.... no GUI :)

For reference, FC stores the firewall config in: /etc/sysconfig/iptables
The GUI is great for tick box to enable mail/ftp/httpd etc... but no good if
you need to add extra rules (like port forwarding 443 to 25 so that people
on crappy free dial-up can use our mail servers :) If you need to add rules
for extra services, just copy and paste an existing one!

Oddly on our FC2 server, the firewall is controlled by a script in
/etc/rc.d/rc.firewall - but I think this may have been something the hosting
company set up after installing FC2.

Daniel.


> -----Original Message-----
> From: Bud Bach [mailto:[EMAIL PROTECTED]
> Sent: 15 February 2005 16:06
> To: 'James Users List'
> Subject: RE: POP3 Server Access
>
>
> Just one final follow up in case someone else comes across this, the Fedora
> has a "Security Level" application under "System Services" that makes it
> easy to allow connections to tcp:110 (add under other).  There are probably
> more manly ways of doing this with "iptables" from the command line but it
> seemed to work for me.  If you uncommented your <bind> </bind> section in
> your config.xml, you would probably need to comment it out again.
>
> Thanks again.  -- Bud
>
> > -----Original Message-----
> > From: Bud Bach [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, February 15, 2005 9:42 AM
> > To: 'James Users List'
> > Subject: RE: POP3 Server Access
> >
> > Daniel is right.  It looks like the system is using iptables.  Now to
> > figure out that piece of software.  It's never ending!
> >
> > Thanks Broc and Daniel!
> >
> > -- Bud
> >
> >
> >
> > > -----Original Message-----
> > > From: Daniel Perry [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, February 15, 2005 4:27 AM
> > > To: James Users List
> > > Subject: RE: POP3 Server Access
> > >
> > > FC2 uses iptables by default (I think)
> > >
> > > Try: service iptables stop
> > >
> > > Daniel.
> > >
> > > > -----Original Message-----
> > > > From: Seib, Broc [mailto:[EMAIL PROTECTED]
> > > > Sent: 15 February 2005 04:03
> > > > To: James Users List
> > > > Subject: RE: POP3 Server Access
> > > >
> > > >
> > > > Comments inline...
> > > >
> > > > > -----Original Message-----
> > > > > From: Bud Bach [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, February 14, 2005 5:24 PM
> > > > > To: 'James Users List'
> > > > > Subject: RE: POP3 Server Access
> > > > >
> > > > >
> > > > > Broc, I think you are right.  This is what I'm seeing:
> > > > >
> > > > > % netstat -an | more
> > > > > Active Internet connections (servers and established)
> > > > > Proto Recv-Q Send-Q Local Address           Foreign Address         State
> > > > > tcp        0      0 :::110                  :::*                    LISTEN
> > > >
> > > > This says there is a socket listening on port 110 on *all* interfaces
> > > > (including 192.168.1.50), which is fine. (This netstat output looks like
> > > > IP6 address format; I'm used to seeing the style "*:110" rather than
> > > > ":::110" for local address.)
> > > >
> > > > This also makes sense since it is the default in the config file to bind
> > > > to all interfaces. It confirms you *should* be able to connect from
> > > > anywhere. I think this alone suggests that your server is running fine
> > > > and that something else is preventing the connection.
> > > >
> > > > > I'm not sure how to interpret this.  I'm guessing the POP
> > > > > server is not properly bound.  Do I just uncomment the <bind>
> > > > > </bind> block and add the ip address of the server?  The docs
> > > > > say that if the parameter is omitted, the service will be
> > > > > bound to all network interfaces on the machine.  Is this
> > > > > broken under Fedora (FC2) or has the behavior changed?
> > > > >
> > > > > I tried binding it to the address of the server with:
> > > > >
> > > > > <bind>192.168.1.50</bind>
> > > > >
> > > > > but it still doesn't quite seem to work.  Netstat shows:
> > > > >
> > > > > tcp        0      0 ::ffff:192.168.1.50:110  :::*                   LISTEN
> > > >
> > > > You did the bind config correctly here, if you want to explicitly bind to
> > > > just one address rather than all. It also means the server is no longer
> > > > bound to 127.0.0.1, so when you said telnet to localhost stopped
> > > > working, that looks correct.
> > > >
> > > > > In this case, I can connect from a remote system but the
> > > > > server doesn't spit out the banner.  Also on the local
> > > > > machine, I can no longer telnet to "localhost 110", I have to
> > > > > use the specific ip address.
> > > >
> > > > I am puzzled why it would behave differently based on your <bind>
> > > > config. The netstat output proved it was listening correctly in both
> > > > cases, so your external connection to 192.168.1.50 should behave the
> > > > same in both cases. I'd guess this is not a problem with your server
> > > > config.
> > > >
> > > > Q1: does Fedora Core 2 use 'ipf', 'ipfw', or 'ipchains', or any other
> > > > kernel level firewall? I am not very familiar with FC2, but this would
> > > > be the next place I'd look.
> > > >
> > > > Q2: Where is the other host from which you are externally connecting? Is
> > > > it also on the same 192.168.1.x subnet, on your own private LAN? Or is
> > > > it coming from a real internet location via a broadband connection or
> > > > something?
> > > >
> > > > -broc
> > > >
> > > > >
> > > > > Can you provide any more pointers that might get me going?  Thanks.
> > > > >
> > > > > -- Bud
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Seib, Broc [mailto:[EMAIL PROTECTED]
> > > > > > Sent: Monday, February 14, 2005 12:19 PM
> > > > > > To: James Users List
> > > > > > Subject: RE: POP3 Server Access
> > > > > >
> > > > > > I'd first check that the server is bound to the correct address while
> > > > > > it is running, i.e. the command "netstat -an" should show
> > > > > > xx.xx.xx.xx:110 where xx.xx.xx.xx is an IP address reachable by the
> > > > > > world.
> > > > > >
> > > > > > -broc
> > > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Bud Bach [mailto:[EMAIL PROTECTED]
> > > > > > > Sent: Monday, February 14, 2005 1:00 PM
> > > > > > > To: server-user@james.apache.org
> > > > > > > Subject: POP3 Server Access
> > > > > > >
> > > > > > >
> > > > > > > I know this is probably something stupid but here goes.  I have
> > > > > > > James running and the POP3 server is configured (see below).
> > > > > > >
> > > > > > > On the local host, I can telnet to port 110 and I get the James POP3
> > > > > > > banner. From any other machine, I can't connect. No firewalls in the
> > > > > > > way.  What am I missing?  Is there an "allow" list I need to add to
> > > > > > > allow remote access?
> > > > > > >
> > > > > > > Thanks for any assistance.  - Bud
> > > > > > >
> > > > > > > config.xml:
> > > > > > >
> > > > > > >    <!-- The POP3 server is enabled by default -->
> > > > > > >    <!-- Disabling blocks will stop them from listening, -->
> > > > > > >    <!-- but does not free as many resources as removing them would -->
> > > > > > >    <pop3server enabled="true">
> > > > > > >       <!-- port 995 is the well-known/IANA registered port for POP3S ie over SSL/TLS -->
> > > > > > >       <!-- port 110 is the well-known/IANA registered port for Standard POP3 -->
> > > > > > >       <port>110</port>
> > > > > > >
> > > > > > >       <!-- Uncomment this if you want to bind to a specific inetaddress -->
> > > > > > >       <!--
> > > > > > >       <bind> </bind>
> > > > > > >       -->
> > > > > > >       <!--  Uncomment this if you want to use TLS (SSL) on this port -->
> > > > > > >       <!--
> > > > > > >       <useTLS>true</useTLS>
> > > > > > >       -->
> > > > > > >
> > > > > > >       <handler>
> > > > > > >          <!-- This is the name used by the server to identify itself in the POP3 -->
> > > > > > >          <!-- protocol.  If autodetect is TRUE, the server will discover its -->
> > > > > > >          <!-- own host name and use that in the protocol.  If discovery fails, -->
> > > > > > >          <!-- the value of 'localhost' is used.  If autodetect is FALSE, James -->
> > > > > > >          <!-- will use the specified value. -->
> > > > > > >          <helloName autodetect="true">myMailServer</helloName>
> > > > > > >          <connectiontimeout>120000</connectiontimeout>
> > > > > > >       </handler>
> > > > > > >    </pop3server>
> > > > > > >
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > > > For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
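
Added example, not part of the original thread: a shell sketch of the diagnosis the thread arrives at, telling "not listening" apart from "listening but filtered", then opening only the needed port by cloning an existing rule. The netstat lines and the rules text (in the layout of /etc/sysconfig/iptables) are constructed samples, and the function names are hypothetical.

```shell
# Added example: classify a port from `netstat -an` output plus firewall rules.
# All sample data below is constructed for illustration.

SAMPLE_NETSTAT='tcp        0      0 :::110          :::*          LISTEN
tcp        0      0 127.0.0.1:25    0.0.0.0:*     LISTEN'

SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# listen_scope PORT < netstat output: prints "all", "specific:<addr>" or "none"
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, p, ":"); if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            wild = (addr == "::" || addr == "0.0.0.0" || addr == "*")
            out = wild ? "all" : "specific:" addr
            print out; found = 1; exit
        }
        END { if (!found) print "none" }'
}

# port_allowed PORT < rules: succeeds if a tcp ACCEPT for PORT comes before
# the first port-less REJECT/DROP (simplified: no port ranges, one chain).
port_allowed() {
    awk -v port="$1" '
        /^-A / && /-p tcp/ && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") { ok = 1; exit }
        /^-A / && !/--dport/ && /-j (REJECT|DROP)/ { exit }
        END { exit (ok ? 0 : 1) }'
}

# clone_rule FROM TO < rules: copy the rule for port FROM and retarget it to TO
clone_rule() {
    awk -v from="$1" -v to="$2" '{ print }
        index($0, "--dport " from " ") { sub("--dport " from " ", "--dport " to " "); print }'
}

# diagnose PORT NETSTAT RULES: one-word verdict for remote reachability
diagnose() {
    scope=$(printf '%s\n' "$2" | listen_scope "$1")
    [ "$scope" = none ] && { echo "not-listening"; return 0; }
    printf '%s\n' "$3" | port_allowed "$1" || { echo "firewall-blocked"; return 0; }
    echo "allowed-listening-$scope"
}
```

With the sample rules, port 110 is reported as firewall-blocked even though the socket listens on all interfaces; the loopback ACCEPT rule is why the local telnet still works. Cloning the port 22 rule for 110 keeps the final REJECT in place.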
