LinuxQuestions.org


jgnasser 04-04-2005 10:01 AM

Routing problems
 
I'm running FC2 on an HP ProLiant server. This server has 2 network interfaces: eth0 (for the local network - has dhcp) and eth1 (for connecting to the internet via a VSAT router). I have iptables configured for firewall and masquerading, and the server runs dhcp on eth0. All had been well until a few days ago, when clients became unable to connect to external mail servers, yet the server can connect to them. What could be the problem? When I attempt to telnet to ports 25 or 110 from the client machines I get the error:

C:\>telnet pop.africaonline.co.ke 25
Connecting To pop.africaonline.co.ke...Could not open a connection to host on port 25 : Connect failed

I include my iptables and dhcp configuration:

Iptables:

:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p icmp -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -j LOGDROP

# Allow Browsing
-A FORWARD -p tcp -m tcp --dport www -j ACCEPT
-A FORWARD -p tcp -m tcp --dport https -j ACCEPT

# Allow Mail
-A FORWARD -p tcp -m tcp --dport smtp -j ACCEPT
-A FORWARD -p tcp -m tcp --dport pop3 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport imap -j ACCEPT

# Allow DNS Queries
-A FORWARD -p udp -m udp --dport domain -j ACCEPT

# Allow UCDavis Proxy
-A FORWARD -p tcp -m tcp --dport 3128 -j ACCEPT

# allow Traffic from above request back
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -j LOGDROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -d 0.0.0.0/0.0.0.0 -o eth1 -j ACCEPT
-A OUTPUT -j LOGDROP
-A LOGDROP -j LOG --log-level info
-A LOGDROP -j DROP
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT



dhcpd.conf:

server-identifier localserver.org;
option domain-name "local.org";
option domain-name-servers 192.168.0.9,195.202.64.1,195.202.64.2,198.6.1.1;
option routers 192.168.0.9;
option subnet-mask 255.255.255.0;
max-lease-time 144000;
default-lease-time 144000;

shared-network MRC {
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.220;
}
}
ddns-update-style ad-hoc;
ddns-updates on;
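
An added example, not part of the original thread: a simplified first-match model of the FORWARD chain posted above, showing which rule decides a forwarded packet by protocol, destination port and connection state. It models only -p, --dport, --state and -j (it is not iptables itself); the port numbers for the service names are the standard /etc/services values, and the function names and sample packets are constructed for illustration.

```python
# Simplified first-match model of the posted FORWARD chain (an assumption-level model, not iptables).
import shlex
# Service names used in the posted rules, mapped to their standard /etc/services ports.
SERVICES = {"www": 80, "https": 443, "smtp": 25, "pop3": 110, "imap": 143, "domain": 53}

# FORWARD rules copied from the post, in their original order.
FORWARD_RULES = """\
-A FORWARD -p tcp -m tcp --dport www -j ACCEPT
-A FORWARD -p tcp -m tcp --dport https -j ACCEPT
-A FORWARD -p tcp -m tcp --dport smtp -j ACCEPT
-A FORWARD -p tcp -m tcp --dport pop3 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport imap -j ACCEPT
-A FORWARD -p udp -m udp --dport domain -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOGDROP
"""

def parse_rule(line):
    """Turn one '-A FORWARD ...' line into a dict of the options this model understands."""
    tok = shlex.split(line)
    rule = {"text": line, "proto": None, "dport": None, "states": None, "target": None}
    i = 2  # skip '-A FORWARD'
    while i < len(tok):
        opt, val = tok[i], tok[i + 1]
        if opt == "-p":
            rule["proto"] = val
        elif opt == "--dport":
            rule["dport"] = SERVICES.get(val) or int(val)
        elif opt == "--state":
            rule["states"] = set(val.split(","))
        elif opt == "-j":
            rule["target"] = val
        i += 2  # '-m <module>' pairs carry no extra information here and are skipped
    return rule

def first_match(proto, dport, state="NEW", policy="DROP"):
    """Return (target, rule text) of the first rule matching the packet, else the chain policy."""
    for rule in map(parse_rule, FORWARD_RULES.splitlines()):
        if rule["proto"] not in (None, proto) or rule["dport"] not in (None, dport):
            continue
        if rule["states"] is not None and state not in rule["states"]:
            continue
        return rule["target"], rule["text"]
    return policy, ":FORWARD policy"

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination port), all in state NEW.
    for pkt in [("tcp", 25), ("tcp", 110), ("tcp", 587), ("udp", 53), ("tcp", 53)]:
        print(pkt, "->", first_match(*pkt))
```

In this model, new TCP connections to ports 25 and 110 are accepted by the "Allow Mail" rules, while a destination port with no rule of its own (587 and TCP 53 in the sample) falls through to LOGDROP unless the connection is already RELATED or ESTABLISHED.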

peter_mclein 04-04-2005 10:24 AM

Look for the service's status.

#chkconfig --list telnet

If this service is off and you want to change this service:

chkconfig telnet on

