Old 08-11-2004, 07:28 AM   #1
hurieka
LQ Newbie
 
Registered: Jul 2004
Posts: 6

Rep: Reputation: 0
Question Shorewall and SMTP problem...also, IP RESOLVING?


Hi,
I installed the Shorewall firewall on my server and since then I have a big problem with SMTP: I can send messages with Outlook to the server, but those messages don't go out from the server!
My server is on WHM/cPanel and EXIM....

When I click on "Delivery Now" for a message in WHM I get this error:
Message 1BtoLi-00033G-RN is not frozen
LOG: MAIN
== test@hotmail.com R=lookuphost defer (-1): host lookup did not complete


or connection refused...

Yes, I set port 25 for SMTP in Shorewall!

Can somebody help me?

Also, why now I can resolve IP addresses with PHP scripts? Only numbers, I can't get who the host is...


Thanks!

P.S. Currently I have 735 messages in the mail queue
 
Old 08-11-2004, 07:50 AM   #2
hurieka
LQ Newbie
 
Registered: Jul 2004
Posts: 6

Original Poster
Rep: Reputation: 0
In shorewall.conf I have:
IP_FORWARDING=Off
ROUTE_FILTER=Yes

In "/etc/shorewall/interfaces":
net eth0 detect norfc1918,nobogons,blacklist,nosmurfs

In "/etc/shorewall/rules":
ACCEPT net fw icmp 8
ACCEPT net fw tcp 20
ACCEPT net fw tcp 21
ACCEPT net fw tcp 22
ACCEPT net fw tcp 25
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT net fw tcp 80
ACCEPT net fw tcp 110
ACCEPT net fw tcp 143
ACCEPT net fw tcp 443
ACCEPT net fw tcp 465
ACCEPT net fw tcp 993
ACCEPT net fw tcp 995
ACCEPT net fw tcp 2082
ACCEPT net fw tcp 2083
ACCEPT net fw tcp 2086
ACCEPT net fw tcp 2087
ACCEPT net fw tcp 2095
ACCEPT net fw tcp 2096
ACCEPT dmz fw tcp smtp
ACCEPT dmz fw tcp domain

Here is what I get when I restart Shorewall:

Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Restarting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Available
Determining Zones...
Zones: net loc dmz
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Warning: Zone loc is empty
Warning: Zone dmz is empty
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Processing /etc/shorewall/initdone ...
Setting up Blacklisting...
Blacklisting enabled on eth0:0.0.0.0/0
Adding Anti-smurf Rules
Enabling RFC1918 Filtering
Enabling Bogon Filtering
Setting up Kernel Route Filtering...
IP Forwarding Disabled!
Processing /etc/shorewall/tunnels...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.DropSMB...
Pre-processing /usr/share/shorewall/action.RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pre-processing /usr/share/shorewall/action.AllowSMTP...
Pre-processing /usr/share/shorewall/action.AllowPOP3...
Pre-processing /usr/share/shorewall/action.AllowIMAP...
Pre-processing /usr/share/shorewall/action.AllowTelnet...
Pre-processing /usr/share/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
Rule "ACCEPT net fw icmp 8" added.
Rule "ACCEPT net fw tcp 20" added.
Rule "ACCEPT net fw tcp 21" added.
Rule "ACCEPT net fw tcp 5334" added.
Rule "ACCEPT net fw tcp 25" added.
Rule "ACCEPT net fw tcp 53" added.
Rule "ACCEPT net fw udp 53" added.
Rule "ACCEPT net fw tcp 80" added.
Rule "ACCEPT net fw tcp 110" added.
Rule "ACCEPT net fw tcp 143" added.
Rule "ACCEPT net fw tcp 443" added.
Rule "ACCEPT net fw tcp 465" added.
Rule "ACCEPT net fw tcp 993" added.
Rule "ACCEPT net fw tcp 995" added.
Rule "ACCEPT net fw tcp 2082" added.
Rule "ACCEPT net fw tcp 2083" added.
Rule "ACCEPT net fw tcp 2086" added.
Rule "ACCEPT net fw tcp 2087" added.
Rule "ACCEPT net fw tcp 2095" added.
Rule "ACCEPT net fw tcp 2096" added.
Rule "ACCEPT dmz fw tcp smtp" added.
Rule "ACCEPT dmz fw tcp domain" added.
Rule "ACCEPT net fw tcp 26" added.
Processing Actions...
Processing /usr/share/shorewall/action.Drop...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "dropInvalid" added.
Rule "DropSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "dropInvalid" added.
Rule "RejectSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.RejectAuth...
Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.DropSMB...
Rule "DROP - - udp 135" added.
Rule "DROP - - udp 137:139" added.
Rule "DROP - - udp 445" added.
Rule "DROP - - tcp 135" added.
Rule "DROP - - tcp 139" added.
Rule "DROP - - tcp 445" added.
Processing /usr/share/shorewall/action.DropUPnP...
Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep...
Rule "DROP - - udp - 53" added.
Processing /usr/share/shorewall/action.RejectSMB...
Rule "REJECT - - udp 135" added.
Rule "REJECT - - udp 137:139" added.
Rule "REJECT - - udp 445" added.
Rule "REJECT - - tcp 135" added.
Rule "REJECT - - tcp 139" added.
Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to net using chain loc2net
Policy REJECT for dmz to fw using chain all2all
Masqueraded Networks and Hosts:
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Restarted

Where is the problem?

Thanks
 
Old 02-03-2005, 11:28 AM   #3
dpajares
LQ Newbie
 
Registered: Apr 2004
Location: uruguay
Distribution: debian
Posts: 26
Blog Entries: 1

Rep: Reputation: 15
nmap -sU -p 53 10.1.7.100

53/udp open|filtered domain
53/tcp open domain

Processing /usr/share/shorewall/action.DropDNSrep...
Quit from /usr/share/shorewall/
Rule "DROP - - udp - 53" added.
ACCEPT fw net udp 53
ACCEPT fw net tcp 53
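
Added example, not part of any post in this thread: every rule in post #2 has net or dmz as its source, while post #3 adds rules with fw as the source. The checker below walks rules first and policy second for a given connection, using a subset of the posted rules and a policy file that is assumed from the restart output; the function names, the NEEDS list and the sample constants are illustrative.

```python
# Rules match a connection's FIRST packet (replies ride on connection
# tracking), so "net fw" rules never cover connections the server opens.
SERVICES = {"smtp": 25, "domain": 53}  # service names used in the thread

def fields(text):
    for line in text.splitlines():  # columns of each non-blank, non-comment line
        cols = line.split("#", 1)[0].split()
        if cols:
            yield cols

def port_matches(spec, port):
    """Port column: '-', a number, a service name, a comma list or lo:hi."""
    if spec == "-":
        return True
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        lo = SERVICES.get(lo, lo)
        hi = SERVICES.get(hi, hi) if hi else lo
        if str(lo).isdigit() and str(hi).isdigit() and int(lo) <= port <= int(hi):
            return True
    return False

def zone_ok(col, zone):
    return col.split(":")[0] in (zone, "all")

def decide(rules, policy, src, dst, proto, port):
    """Return (action, origin): first matching rule, else first matching policy."""
    for cols in fields(rules):
        ports = cols[4] if len(cols) > 4 else "-"
        if (len(cols) >= 4 and zone_ok(cols[1], src) and zone_ok(cols[2], dst)
                and cols[3] in (proto, "all") and port_matches(ports, port)):
            return cols[0], "rule"
    for cols in fields(policy):
        if len(cols) >= 3 and zone_ok(cols[0], src) and zone_ok(cols[1], dst):
            return cols[2], "policy"
    return None, "no policy"

# Constructed input: subset of the rules in post #2; POLICY is ASSUMED from the
# restart output (net2all DROP, loc2net ACCEPT, all2all REJECT).
RULES = "ACCEPT net fw tcp 25\nACCEPT net fw udp 53\nACCEPT dmz fw tcp smtp\n"
POLICY = "loc net ACCEPT\nnet all DROP\nall all REJECT\n"
SUGGESTED = "ACCEPT fw net udp 53\nACCEPT fw net tcp 53\n"  # post #3
NEEDS = {"dns-udp": ("udp", 53), "dns-tcp": ("tcp", 53), "smtp-out": ("tcp", 25)}

def egress_report(rules, policy=POLICY):
    return {k: decide(rules, policy, "fw", "net", *v) for k, v in NEEDS.items()}

if __name__ == "__main__":
    print(egress_report(RULES), egress_report(RULES + SUGGESTED), sep="\n")
```

Under the assumed policy, the report for the posted rules falls through to the policy for all three outbound services; with the two rules from post #3 the DNS entries are matched by a rule, while outbound TCP 25 still falls through to the policy.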
 
  



All times are GMT -5. The time now is 09:18 PM.
