I don't know how to use IPtables, so I run GuardDog instead. This was working fine on KDE 3.3.2 and Slackware 10.0, but I recently upgraded to 3.4 and 10.1.

I can enable every single protocol conceivable under GuardDog, and still, I can't access my SMTP mail server. However, if I choose to disable the firewall completely (a GuardDog option), Thunderbird connects perfectly fine. Does anyone know what's going on?

Well I'd start by checking the log. I'm not sure if Guarddog alters where the kernel stores the iptables stuff or not, but default is /var/log/messages. Sift through that and see if there are any errors when it loads. Also look for dropped packets using port 25 and such. Beyond that, post you rules. You can output them with the following command:
And are you trying to access the server remotely, from a LAN, both or what?

I'm trying to use Thunderbird to access imap-server.its.caltech.edu, where my mail is. What I find surprising is, 1) that I'm using essentially the same rules as under Slackware 10.0, and if anything, it is less stringent, and 2) enabling all protocols still blocks my email.

GuardDog changes /var/log/messages, but I haven't seen anything relevant about blocked packets. The output of IPTables is quite long, so I'll refrain from posting it until I grow more desperate.

Ok, so it's blocking you from access a remote mail server. So you are limiting output. Look at your OUTPUT chain, assuming that's what it's named with guarddog, and see if there is a rule allowing output to port 25. It should look something like this:
where xx.xx.xx.xxx is either the IP of the server you want access to, or 0.0.0.0/0 for access to any server anywhere. If there is no such rule, then try to add it like so for access to only that server:
or like this to allow access to any server:
Also look for a log rule at the end of the chain, something like this:
If not present then you can add it with something like this:
Then you can use "tail -f /var/log/messages" to watch the log file in real time while you try to connect and any dropped packets will be logged. That way you can see what happens as it happens. The log rule should be dead last in your chain for it to work correctly.

Again, I'm not familair with guarddog specifically, the above assumes the output chain is named OUTPUT and you are using a simple non-masquerading firewall, ie 1 eth.

After playing around, I found the following output in dmesg:
Nothing, however, in /var/log/messages

I also introduced a custom protocol which I called "Mail Stuff", setting it to TCP port 25. I enabled access to it, but my mail still didn't get through.

maybe try to run iptraf ( in a console as root ), and look
what connections are made and what ports are used when you get mail.
( do that without a firewall )

egag

iptraf didn't help (although it might prove useful in the future--thanks). It showed that I used port 143 (I think), but I enabled SMTP, IMAP, POP2, POP3, NNTP, and all the corresponding secure versions.

Does this output message when I enable the firewall in GuardDog mean anything?Using iptables.

did you compile your own kernel ?
you're missing some modules.

those are in networking-support--->networking options--->network packet filtering.
take as many modules there as you can.......

then just make modules && make modules_install.
might be ( part of ) the prob.

egag

I compiled the two modules above, but as you said, they're only part of the problem. Thunderbird still doesn't work. But at least I got that out of the way.

well..just to try maybe...( i needed smth. like that to get torrents going...),
in the " advanced " tab of guarddog you can open ports.( left-low )
just fill in " mail " for the name and 142 -144 for the portnumber ( that is if you've got the 143 right )

then try again...

egag

TCP 142:144 allow hasn't worked either. Could it be a problem with the way GuardDog is reading my IP tables? Is there any other alternative?

Or would it better for me to go without a firewall?

Well if you have an afternoon or 3 to burn, I'd recommend that you cozy up to a good netfilter howto and write your own firewall taylored to your needs from scratch. For a simple setup it's really not difficult, but for a complex setup it can easily be overwhelming. But no, if the PC is directly exposed to the internet, ie you're using a always on connection like broadband and don't have a router/firewall in between, then I wouldn't run it without a firewall. In contrast, if you are using dialup or have a store bought router/firewall between you and the net, then you'd probably be fine without one unless you need to limit output.

Anyway, if you have somewhere you can post your ruleset, ie the "iptables -L -n", I'm sure someone can find your current problem, if it's in the ruleset.

While I am interested in eventually learning the subtleties of IPtables, I just want to get this out of the way for now. Is there a "default" IPtables which allows common protocols but blocks the few which might be subject to hacker exploits? (I'm looking for somewhat of a "Windows" solution")

After reviewing the output of dmesg more thoroughly, I decided to experiment with the DPT=xx number. It turns out that this is the destination port? And SPT the send port?

Anyways, I allowed ports 465 and 587. These seem to correspond to SMTP-auth, according to what I found from some Googling. Why can't I seem to find these ports as default protocols under GuardDog?

DPT is the destination port, yes. This is the port you need to be concerned with mainly. For instance if you connected to your SMTP server to send an email, normally you'd do so on port 25. SPT is the source port. You shouldn't be too concerned with these in your situation. Everytime you connect to any server your connection is assigned both a DPT & SPT. The easiest way I can think of to explain it would be suppose you opened 2 browser windows at once and connected each of them to google. Both connections would use port 80 as their DPT, but each window would be assigned it's own unique SPT. This allows the kernel to destinquish between the 2 browsers and send the correct packets to each one. Make sense?

A complete list of the current standards for ports can be found in /etc/services. 465 is smtps (Simple Mail Transport Protocol Secure). Normally only a server using SSL would use that port. Port 587 is submission and is supported by some servers, but it's not widely used. Generally, port 25 is used to send email and port 110 is used to recieve it if you're pulling your email off a pop server or port 143 is used to recieve if you're pulling your email off an imap server. At any rate, since your email is working with the firewall down, you should be able to just check the settings in Thunderbird to see what you using.

Anyway, I'd suggest that if you want to use Guarddog that you disable all filtering of outbound connections to start off with. I would think there would be a setting within it to do that. That will allow you, or anyone using your computer, to connect to anything anywhere unrestricted. At the same time you'd still be protected against anybody on some other computer from connecting to you. That should be sufficent in most cases, unless you want to block things like IRC, Gaim, and other software on your computer from making connections. That will get your email working, once you have done that, then go back and tinker with it to only allow what you want out.