LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-16-2009, 03:48 AM   #1
mfilenko
LQ Newbie
 
Registered: Jul 2009
Posts: 3

Rep: Reputation: 0
JAMES or DNAT problem?


Hey everyone,

need experts' help!

I've got:
  • server1 - server box somewhere on the Internet
  • server2 - server with Apache James behind the Ubuntu NAT box
Here's Ubuntu's netfilter ruleset representing DNAT:
Code:
...
iptables -A FORWARD -d $INT_IP -i $WAN_IF -o $INT_IF -j ACCEPT
iptables -t nat -A PREROUTING -d $EXT_IP -i $WAN_IF -j DNAT --to-destination $INT_IP
...
I'm sure that NAT/DNAT works fine because I can access the Internet from server2 and I also can connect to James SMTP module on server2 (`telnet server2 25` is ok), but `telnet server2 110` gives a "Connection refused" error just after short delay. Why I am thinking it's an DNAT problem? I've started `nc -l 2424` on server2 and successfully telneted from server1 on port 2424, but if listening by netcat port is privieleged (i.e. `nc -l 24`) then `telnet server2 24` from server1 gives same "Connection refused" error. But still... Why 25, 80 and 443 ports are DNATed successfully?! I'm stuck.

Here's extract from James' config.xml:
Code:
   <pop3server enabled="true">
      <port>110</port>
      <handler>
         <helloName autodetect="false">XXX.YYY</helloName>
         <connectiontimeout>120000</connectiontimeout>
      </handler>
   </pop3server>
 
Old 07-16-2009, 04:27 AM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Can you verify whether you can connect from behind the firewall? In otherwords, verify that the service is working.

Second. Do you know whether your ISP is blocking port 110? Perhaps change the port used temporarily for testing purposes.
 
Old 07-16-2009, 04:32 AM   #3
mfilenko
LQ Newbie
 
Registered: Jul 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for the tip! Looks like the problem is in server1's firewall! I'll check this and write back...
 
Old 07-16-2009, 07:26 AM   #4
mfilenko
LQ Newbie
 
Registered: Jul 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Yes it was server1's firewall. Sorry.
 
  


Reply

Tags
dnat


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables DNAT problem eantoranz Linux - Networking 2 09-12-2006 01:00 PM
Apache James Problem ol1v3r Linux - Software 3 09-07-2005 04:54 AM
shorewall problem DNAT masand Linux - Networking 3 08-11-2005 11:53 AM
dnat problem jelgavchik Linux - Networking 0 01-20-2005 06:35 AM
problem about iptables DNAT. zufeng Linux - Security 3 06-19-2003 09:29 AM


All times are GMT -5. The time now is 06:24 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration