Routing problems
I'm running FC2 on an HP ProLiant server. This server has 2 network interfaces: eth0 (for the local network - has DHCP) and eth1 (for connecting to the internet via a VSAT router). I have iptables configured for firewall and masquerading, and the server runs DHCP on eth0. All was well until a few days ago; now clients cannot connect to external mail servers, yet the server can connect to them. What could be the problem? When I attempt to telnet to ports 25 or 110 from the client machines I get the error:

    C:\>telnet pop.africaonline.co.ke 25
    Connecting To pop.africaonline.co.ke...Could not open a connection to host on port 25 : Connect failed

I include my iptables and dhcp configuration:

Iptables:

    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
    -A POSTROUTING -o eth1 -j MASQUERADE
    COMMIT
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    :LOGDROP - [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth0 -j ACCEPT
    -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth1 -p icmp -j ACCEPT
    -A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -i eth1 -p udp -m udp --dport 161 -j ACCEPT
    -A INPUT -j LOGDROP
    # Allow Browsing
    -A FORWARD -p tcp -m tcp --dport www -j ACCEPT
    -A FORWARD -p tcp -m tcp --dport https -j ACCEPT
    # Allow Mail
    -A FORWARD -p tcp -m tcp --dport smtp -j ACCEPT
    -A FORWARD -p tcp -m tcp --dport pop3 -j ACCEPT
    -A FORWARD -p tcp -m tcp --dport imap -j ACCEPT
    # Allow DNS Queries
    -A FORWARD -p udp -m udp --dport domain -j ACCEPT
    # Allow UCDavis Proxy
    -A FORWARD -p tcp -m tcp --dport 3128 -j ACCEPT
    # allow Traffic from above request back
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -j LOGDROP
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -o eth0 -j ACCEPT
    -A OUTPUT -o eth1 -j ACCEPT
    -A OUTPUT -d 0.0.0.0/0.0.0.0 -o eth1 -j ACCEPT
    -A OUTPUT -j LOGDROP
    -A LOGDROP -j LOG --log-level info
    -A LOGDROP -j DROP
    COMMIT
    *mangle
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT

dhcpd.conf:

    server-identifier localserver.org;
    option domain-name "local.org";
    option domain-name-servers 192.168.0.9,195.202.64.1,195.202.64.2,198.6.1.1;
    option routers 192.168.0.9;
    option subnet-mask 255.255.255.0;
    max-lease-time 144000;
    default-lease-time 144000;
    shared-network MRC {
        subnet 192.168.0.0 netmask 255.255.255.0 {
            range 192.168.0.100 192.168.0.220;
        }
    }
    ddns-update-style ad-hoc;
    ddns-updates on;

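The posted ruleset sends every packet that matches no ACCEPT rule to LOGDROP, which logs before dropping, so the server's kernel log shows whether client connections to ports 25 and 110 are being dropped in the FORWARD chain. The sketch below is an added example, not part of the original post: it tallies forwarded drops per client and port from LOG-format lines. The sample lines, host name and addresses are constructed, and the log location (commonly /var/log/messages) is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG target's format (no --log-prefix,
# as in the posted LOGDROP chain). Host name and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: IN=eth0 OUT=eth1 SRC=192.168.0.101 DST=203.0.113.25 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4711 DF PROTO=TCP SPT=1045 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 10:15:04 gw kernel: IN=eth0 OUT=eth1 SRC=192.168.0.101 DST=203.0.113.25 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4712 DF PROTO=TCP SPT=1045 DPT=25 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 10:15:09 gw kernel: IN=eth0 OUT=eth1 SRC=192.168.0.102 DST=203.0.113.25 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=901 DF PROTO=TCP SPT=1102 DPT=110 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 10:15:12 gw kernel: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=77 DF PROTO=TCP SPT=4021 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  3 10:15:20 gw sshd[2210]: Accepted password for admin from 192.168.0.50 port 1033 ssh2
Mar  3 10:15:31 gw kernel: IN=eth0 OUT=eth1 SRC=192.168.0.101 DST=203.0.113.25 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=4720 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
"""

def parse_line(line):
    """Return the fields of one netfilter LOG line, or None for other lines."""
    if "kernel:" not in line or " IN=" not in line:
        return None
    f = dict(re.findall(r"(\w+)=(\S*)", line.split("kernel:", 1)[1]))
    # Both interfaces set means the packet was being routed (FORWARD);
    # only IN means it was addressed to the firewall itself (INPUT).
    if f.get("IN") and f.get("OUT"):
        chain = "FORWARD"
    elif f.get("IN"):
        chain = "INPUT"
    else:
        chain = "OUTPUT"
    dport = int(f["DPT"]) if f.get("DPT") else None  # ICMP has no port
    return {"chain": chain, "src": f.get("SRC"), "dst": f.get("DST"),
            "proto": f.get("PROTO"), "dport": dport}

def dropped_forwards(log_text):
    """Count logged FORWARD drops keyed by (client, protocol, dest port)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["chain"] == "FORWARD":
            hits[(rec["src"], rec["proto"], rec["dport"])] += 1
    return hits

if __name__ == "__main__":
    for (src, proto, dport), n in dropped_forwards(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {src:15s}  {proto}  dport={dport}")
```

If no FORWARD entries for ports 25 or 110 appear while a client retries the connection, the packets are not reaching LOGDROP, and the place to look is outside this chain.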
Look for the service's status.

    #chkconfig --list telnet

If this service is off and you want to change this service:

    chkconfig telnet on