Re: [Shorewall-users] Shields-Up Scan of Shorewall Firewall

Tue, 18 Dec 2007 23:02:37 -0800 

Tom , my replies below...

> >>> 1. Why is the smtp port stealthed whilst other
> are
> >>> open?
> >> Two obvious questions: Why is postfix listening
> on
> >> port 26 rather than port
> >> 25?
> > 
> > our isp has blocked port 25, therefore , we are
> using
> > port 26, i have modified postfix ( postfix just
> for
> > cron messages only , our office mail server is
> hosted
> > off-site ) and also the smtp macro to this end. 
> 
> Why???????

1. the isp blocked port 25 nationwide , not just my
office.
 
> > 
> >> Do you have an ACCEPT or DNAT rule for port
> >> 26?
> > 
> > in the policy file , i have set FW -> Net as
> accept,
> > since postfix is running on the FW , this should
> cut
> > it rite ?
> 
> Sure -- but that is outbound. You aren't opening
> port 26 inbound so your
> default net->fw (or net->all) DROP policy will
> stealth the port inbound.

ok, i get this. the port is stealthed becos inbound
connections are blocked. good , i understand now.

> > If in the policy file , i already have FW -> net ,
> > there is no need for me to add something in
> rules..
> > therefore  should i conclude , its my postfix
> config
> > which is wrong ?
> 
> I don't think there is anything wrong with your
> configuration.
> 

ok. if the firewall is ok, then its must be my postfix
config, postfix was working before i.e. i could get
cron messages delivered to my yahoo acct.

it stopped working just a few days ago.... i must have
done something... helllll ...


      
____________________________________________________________________________________
Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to