I don't know whether ISP blocks port 25 or I need to enable port forwarding on port 25 to server.
Performed following test;
$ sudo /etc/init.d/firewall stop
Code:
Removing all iptables rules: [End of flush]
$ sudo telnet localhost 25
Code:
Password:
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Ubuntu)
ehlo satimis.homelinux.com
250-server1.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME
mail from: myself@satimis.homelinux.com
250 Ok
rcpt to: satimis@yahoo.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Test
This is a test, a test
.
250 Ok: queued as 72999754068
quit
221 Bye
Connection closed by foreign host.
No error found on /var/log/mail.err, only an empty file.
$ cat /var/log/mail.log
Code:
......
Nov 27 14:21:40 ubuntu postfix/smtp[5600]: connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out (port 25)
Nov 27 14:21:40 ubuntu postfix/smtp[5597]: connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out (port 25)
Nov 27 14:21:40 ubuntu postfix/smtp[5600]: 8452B754052: to=<satimis@yahoo.com>, relay=none, delay=232642, status=deferred (connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out)
Nov 27 14:21:40 ubuntu postfix/smtp[5597]: 1A25F754050: to=<satimis@yahoo.com>, relay=none, delay=232996, status=deferred (connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out)
Nov 27 14:21:40 ubuntu postfix/smtp[5598]: connect to h.mx.mail.yahoo.com[66.196.97.250]: Connection timed out (port 25)
Nov 27 14:21:40 ubuntu postfix/smtp[5598]: 58B9D75404C: to=<satimis@yahoo.com>, relay=none, delay=365906, status=deferred (connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out)
Nov 27 14:21:40 ubuntu postfix/smtp[5596]: connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out (port 25)
Nov 27 14:21:40 ubuntu postfix/smtp[5596]: 172E6754048: to=<satimis@yahoo.com>, relay=none, delay=410465, status=deferred (connect to h.mx.mail.yahoo.com[66.196.97.250]: Connection timed out)
Nov 27 14:21:40 ubuntu postfix/qmgr[5587]: D50EC754060: to=<satimis@yahoo.com>, relay=none, delay=66296, status=deferred (delivery temporarily suspended: connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out)
Nov 27 14:22:44 ubuntu postfix/smtpd[5970]: connect from localhost.localdomain[127.0.0.1]
Nov 27 14:25:27 ubuntu postfix/smtpd[5970]: 72999754068: client=localhost.localdomain[127.0.0.1]
Nov 27 14:25:53 ubuntu postfix/cleanup[5981]: 72999754068: message-id=<20061127062527.72999754068@server1.example.com>
Nov 27 14:25:53 ubuntu postfix/qmgr[5587]: 72999754068: from=<myself@satimis.homelinux.com>, size=416, nrcpt=1 (queue active)
Nov 27 14:25:53 ubuntu postfix/qmgr[5587]: 72999754068: to=<satimis@yahoo.com>, relay=none, delay=44, status=deferred (delivery temporarily suspended: connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out)
Nov 27 14:26:00 ubuntu postfix/smtpd[5970]: disconnect from localhost.localdomain[127.0.0.1]
Tried gmail.com with same result.
Is there any way of checking the ISP? Before, I came across a thread running "cpan" for checking port 25; unfortunately I forgot the command line.
GRC Port Authority Report created on UTC: 2006-11-27 at 09:24:50
Results from probe of port: 25
1 Ports Open
0 Ports Closed
0 Ports Stealth
---------------------
1 Ports Tested
THE PORT tested was found to be: OPEN.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
Common ports
Code:
----------------------------------------------------------------------
GRC Port Authority Report created on UTC: 2006-11-27 at 09:20:22
Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000
4 Ports Open
17 Ports Closed
5 Ports Stealth
---------------------
26 Ports Tested
Ports found to be OPEN were: 25, 110, 143, 443
Ports found to be STEALTH were: 80, 135, 139, 445, 5000
Other than what is listed above, all ports are CLOSED.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
$ dpkg -l | grep postfix
Code:
ii postfix 2.2.10-1ubuntu0.1 A high-performance mail transport agent
$ dpkg -l | grep courier
Code:
ii courier-authdaemon 0.47-13ubuntu5.1 Courier Mail Server - Authentication daemon
ii courier-base 0.47-13ubuntu5.1 Courier Mail Server - Base system
ii courier-imap 3.0.8-13ubuntu5.1 Courier Mail Server - IMAP server
ii courier-imap-ssl 3.0.8-13ubuntu5.1 Courier Mail Server - IMAP over SSL
ii courier-pop 0.47-13ubuntu5.1 Courier Mail Server - POP3 server
ii courier-pop-ssl 0.47-13ubuntu5.1 Courier Mail Server - POP3 over SSL
ii courier-ssl 0.47-13ubuntu5.1 Courier Mail Server - SSL/TLS Support
They are running.
Firewall stopped during test.
$ sudo /etc/init.d/firewall stop
Password:
Removing all iptables rules: [End of flush]
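Added example (not part of the original posts): a small Python parser for the mail.log format shown above. It separates the Postfix client (postfix/smtp, outbound) from the server (postfix/smtpd, inbound) and applies a simple heuristic to the outbound results. The function names, verdict strings and the two-host threshold are assumptions made for this illustration; the sample lines are copied from the log excerpt above.

```python
import re
from collections import Counter

# Sample input: a subset of the mail.log lines quoted in the post above.
SAMPLE_LOG = """\
Nov 27 14:21:40 ubuntu postfix/smtp[5600]: connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out (port 25)
Nov 27 14:21:40 ubuntu postfix/smtp[5598]: connect to h.mx.mail.yahoo.com[66.196.97.250]: Connection timed out (port 25)
Nov 27 14:21:40 ubuntu postfix/smtp[5600]: 8452B754052: to=<satimis@yahoo.com>, relay=none, delay=232642, status=deferred (connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out)
Nov 27 14:22:44 ubuntu postfix/smtpd[5970]: connect from localhost.localdomain[127.0.0.1]
Nov 27 14:25:53 ubuntu postfix/qmgr[5587]: 72999754068: to=<satimis@yahoo.com>, relay=none, delay=44, status=deferred (delivery temporarily suspended: connect to h.mx.mail.yahoo.com[209.191.118.103]: Connection timed out)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/(\w+)\[\d+\]: (.*)$")
CONNECT_FAIL = re.compile(r"^connect to \S+?\[([\d.]+)\]: (.+?) \(port (\d+)\)$")
DELIVERY = re.compile(r"^([0-9A-F]+): to=<[^>]*>, relay=[^,]+, .*status=(\w+) ")
INBOUND = re.compile(r"^connect from \S+?\[([^\]]+)\]")


def summarize(log_text):
    """Return (outbound connect failures, queue id -> status, inbound clients)."""
    out_fail, status, inbound = Counter(), {}, Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        daemon, msg = m.groups()
        if daemon == "smtp" and (f := CONNECT_FAIL.match(msg)):
            out_fail[(f.group(1), int(f.group(3)), f.group(2))] += 1
        elif daemon in ("smtp", "qmgr") and (d := DELIVERY.match(msg)):
            status[d.group(1)] = d.group(2)  # queue id -> last status seen
        elif daemon == "smtpd" and (c := INBOUND.match(msg)):
            inbound[c.group(1)] += 1
    return out_fail, status, inbound


def diagnose(log_text):
    """Heuristic verdict (an assumption of this example, not a Postfix feature)."""
    out_fail, status, inbound = summarize(log_text)
    timed_out = {ip for ip, port, why in out_fail
                 if port == 25 and why == "Connection timed out"}
    if "sent" in status.values():
        verdict = "outbound delivery works"
    elif len(timed_out) >= 2:
        verdict = "outbound tcp/25 timed out to several hosts: suspect egress filtering"
    else:
        verdict = "inconclusive"
    if inbound and set(inbound) <= {"127.0.0.1", "::1"}:
        verdict += "; smtpd only saw loopback clients"
    return verdict
```

To run it on the real file, pass the contents of /var/log/mail.log to diagnose() instead of SAMPLE_LOG.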
You need to tell us a little more before people can help you. How do you connect to the Internet? Is there a router between the server and the ISP's connection? What you have done shows us,
1. your mail server is listening on port 25;
2. you have Internet connection and the outgoing traffic to port 25 is not blocked.
If there's a router involved, forward traffic on port 25 to your local server and use another box not from your home network (from net cafe or work sth, for example) and try
Code:
telnet your_domain/wan_IP 25
Most ISPs block incoming traffic on port 25. If that's the case, you need,
1. run postfix on another port other than default 25;
2. find another place to forward traffic to 25 to your new port.
Quote:
How do you connect to the Internet? Is there a router between the server and the ISP's connection? What you have done shows us,
The server is connected to ISP via an ADSL modem, which is only a modem, no setup is needed. Another end of the modem is connected to a telephone wall socket.
Quote:
1. your mail server is listening on port 25;
2. you have Internet connection and the outgoing traffic to port 25 is not blocked.
Yes, I stopped iptables before making the test. Is there any other device or file blocking port 25?
Quote:
try
Code:
telnet your_domain/wan_IP 25
$ sudo telnet satimis.homelinux.com/wan_IP 25
Code:
telnet: could not resolve satimis.homelinux.com/wan_IP/25: Name or service not known
I expect to clarify following first. After registration DYNDNS.ORG sent me a reply
Code:
Hostname: satimis.homelinux.com
IP Address: 58.152.161.53
Wildcard: Y
Mail Exchanger: None
Backup MX: Y
Is it "Hostname"="mydomain"? Tks
Quote:
Most ISPs block incoming traffic on port 25. If that's the case, you need,
1. run postfix on another port other than default 25;
2. find another place to forward traffic to 25 to your new port.
From the "GRC Port Authority Report", port 25 is open. Nor is it stealth.
A few points:
1. As you neither have the default FORWARD policy as DROP nor are running any other explicit rules at FORWARD to DROP, the only thing you need to forward any packets received from the Internet to another box (server) is DNATing.
2. I didn't find port 25 in OPEN state at your IP. (I nmapped you for this.)
Quote:
Originally Posted by satimis
I need to enable forwarding port 25 to server
Which file contains "server name" ?
3. At any point you can refer to your server via its IP as well in case of its host/domain name.
So my suggestion is to add a DNAT rule to your firewall running at this box & leave the FORWARD chain as it is (though it is not suggestible).
Quote:
2. I didn't find port 25 in OPEN state at your IP. (I nmapped you for this.)
Performed following tests;
To scan all reserved TCP ports on the PC satimis.homelinux.com
$ sudo nmap -v satimis.linux.com
Code:
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-27 22:43 HKT
DNS resolution of 1 IPs took 8.29s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 2, CN: 1]
Initiating SYN Stealth Scan against ostg.com (66.35.250.177) [1674 ports] at 22:43
Discovered open port 80/tcp on 66.35.250.177
Increasing send delay for 66.35.250.177 from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for 66.35.250.177 from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for 66.35.250.177 from 10 to 20 due to max_successful_tryno increase to 6
Increasing send delay for 66.35.250.177 from 20 to 40 due to 11 out of 12 dropped probes since last increase.
SYN Stealth Scan Timing: About 3.02% done; ETC: 23:00 (0:16:05 remaining)
Increasing send delay for 66.35.250.177 from 40 to 80 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 66.35.250.177 from 80 to 160 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 66.35.250.177 from 160 to 320 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 66.35.250.177 from 320 to 640 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 66.35.250.177 from 640 to 1000 due to 11 out of 19 dropped probes since last increase.
caught SIGINT signal, cleaning up
To scan port 25
$ sudo nmap -p 25 satimis.homelinux.com
Code:
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-27 22:45 HKT
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 2.256 seconds
$ sudo nmap -P0 satimis.homelinux.com
Code:
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-11-27 22:47 HKT
Interesting ports on n058152161053.netvigator.com (58.152.161.53):
(The 1673 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
113/tcp closed auth
Nmap finished: 1 IP address (1 host up) scanned in 26.911 seconds
What is "n058152161053.netvigator.com (58.152.161.53)"? netvigator.com is my ISP.
Quote:
So my suggestion is to add a DNAT rule to your firewall running at this box & leave the FORWARD chain as it is (though it is not suggestible).
so, is your ADSL modem connected to a router of some kind? or is it connected to the server? Because if the server is connected directly to the modem you may not be doing NAT, then port forwarding is not needed.
Quote:
so, is your ADSL modem connected to a router of some kind? or is it connected to the server? Because if the server is connected directly to the modem you may not be doing NAT, then port forwarding is not needed.
Hi,
The ADSL modem is connected directly to the server. It has only 2 sockets, one connected to server with a CAT5 cable and another to telephone wall socket with a telephone line.
Code:
iptables -t nat -A PREROUTING -p tcp -i <eth-wan-interface> --dport 25 -j DNAT --to <serverip--to-forward>
Also set your server (to which we are forwarding our port 25) to have the firewall box as its gateway.
I'm suspecting my ISP blocking port 25. Because I sent email from it via ISP broadband to its final destination, webmail box on Yahoo.
Shall I replace;
<eth-wan-interface>
<serverip--to-forward>
with something? Or just run the command line exactly as written by you above? Tks.
amitsharma_26 assumes that you are using a Linux box that connects to your DSL modem and is acting as a router/NAT device. Is this the case? If not, what kind of box do you have connected to your DSL modem? Is it a Netgear, Linksys or something like that?