iptables problems with smtp pop3
Hi
I can telnet and connect to dovecot on 110 but when I telnet and connect to smtp on 25 I get connection refused by host. The mail server, web server etc. is all the same machine.

Can someone please tell me what's wrong with my iptables - assuming this is what is the problem. Though even when I telnet localhost 25 I get the same problem, cannot connect to host: Connection refused.

I've run out of ideas and going mad here!

Many thanks
Kevin

Code:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Is the firewall you posted running on the server? If so, I don't see anything wrong with it. Is it possible a firewall on your client machine is causing this? Or the SMTP server doesn't like telnet?
If none of this leads you to the problem, there are some things you can do to troubleshoot. One useful thing is to look at packet counts for rules using (as root):
Code:
iptables -nvL
You can also run a packet sniffer such as tcpdump or wireshark to see what packets are actually getting sent. If you run a packet sniffer remotely over ssh, make sure you specify "not tcp port 22".
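An added example, not part of either post: a small first-match walk over the ruleset from the question, showing which rule decides the fate of a new TCP connection. The function names and the interface name `eth0` are assumptions made for illustration; only `lo` appears in the posted rules.

```python
import shlex
# Constructed input: the -A lines from the question (FORWARD jump omitted).
RULESET = """\
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(text):
    # Group rules by chain; every option in this ruleset takes one argument.
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(rule, pkt):
    fields = {"-i": "iface", "-p": "proto", "--dport": "dport", "-d": "dst"}
    same = all(rule[o] == str(pkt.get(f)) for o, f in fields.items() if o in rule)
    return same and ("--state" not in rule or pkt["state"] in rule["--state"].split(","))

def verdict(chains, pkt, chain="INPUT"):
    # First terminating match as (target, chain, rule number); None = chain policy.
    for num, rule in enumerate(chains[chain], 1):
        if matches(rule, pkt):
            if rule["-j"] not in chains:  # ACCEPT/REJECT ends traversal
                return rule["-j"], chain, num
            if hit := verdict(chains, pkt, rule["-j"]):  # jump into user chain
                return hit
    return None

def new_tcp(iface, dport):  # iface names other than lo are assumptions
    pkt = {"iface": iface, "proto": "tcp", "dport": dport, "state": "NEW"}
    return verdict(parse(RULESET), pkt)

if __name__ == "__main__":
    print(new_tcp("eth0", 25), new_tcp("lo", 25), new_tcp("eth0", 143))
```

Loopback traffic is accepted by rule 1 and new connections to port 25 by rule 10, while anything unmatched is rejected with icmp-host-prohibited rather than a TCP reset. A refused `telnet localhost 25` therefore does not come from these rules, so the next check is whether an SMTP daemon is listening on port 25 at all.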