I have a server with firewall, iptables and proxy settings.
Evolution is configured, and I can send mail to my Gmail account. POP forwarding is enabled in the Gmail account, but I can't fetch mail from the Gmail account. In the script it is added
Please let us know a little more. The rule you posted will allow packets for POP3 to be received by your firewall, if a previous rule does not cause the packet to be discarded. It would be useful to know what the whole INPUT chain looks like. You can show it with the command
Code:
# iptables -nvL INPUT
Let us suppose that the firewall rule is correct and correctly placed, pending your report on the full chain.
Is Evolution running on the firewall machine or on another one? If it is on another one, have you enabled packet forwarding? What are the rules in the iptables FORWARD chain?
If Evolution is running on the same machine, what does its logfile (perhaps /var/log/maillog) say? Are there error messages there? Are there any lines in the syslog file (/var/log/messages ?)? What distribution and what version of the OS are you running? These details will allow us a better chance of actually diagnosing the trouble with you.
The INPUT table is for incoming connections. You would want to modify the OUTPUT table instead. Change your command to:
Code:
iptables -A OUTPUT -p tcp --dport 110 -j ACCEPT
(That's all assuming that your OUTPUT policy is not ACCEPT and that you don't have any other rules preventing this connection. If that's the case, post your entire iptables script so we can investigate further.)
Well, there are a couple of things that I think we should clear up. First of all, we should clear up the question of whether any process could reach pop.gmail.com. From where my systems connect to the internet, this DNS name resolves to 209.85.147.109 and 209.85.147.111. Can you ping either of these addresses and get a response? If so, can you then ping pop.gmail.com and get a response?
From your firewall script, I guess that you will not be able to get the second experiment to work, but that is uncertain, as some systems have automatic ways of punching holes through the firewall for DNS traffic. If you could post the actual rules, rather than the script which generates them, it would be instructive.
Part way down in your script, a comment says that you are going to allow UDP, DNS and passive FTP traffic, but the rule just below that does not do exactly that. It allows packets received in reply to connection requests initiated either on the firewall or on machines on the LAN behind the firewall, and would permit an active FTP as well as a passive FTP connection, if the control channel was set up from behind the firewall or on the firewall machine. I am not entirely sure if it will allow DNS exchanges begun from behind the firewall (these are, in fact, UDP packets).
BTW, since your OUTPUT chain policy is ACCEPT, the rules you have specified for this chain are redundant. The only rules that would have an effect with this policy are ones that REJECT or DROP packets.
If it is possible to resolve the DNS name to an address, and to get a ping response, then I guess it might be time to do a packet trace, looking at packets that have either source or destination port 110 and TCP protocol, so that you can tell whether no packet goes out, or none returns, or one returns and is somehow misdirected.
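The packet-trace check suggested in the last reply, as an added example that is not part of the original thread: it reads a text capture of port 110 traffic and reports whether no packet went out, none returned, or a reply came back to an endpoint that never sent a request. The function names, the client address 192.168.1.10 and the sample trace are constructed for illustration, and "misdirected" is taken here to mean a reply addressed to an endpoint that sent nothing to port 110.

```shell
#!/bin/sh
# Input: text lines as printed by "tcpdump -nn 'tcp port 110'" (numeric
# addresses and ports), supplied on stdin.
# Output: no-outbound | no-reply | reply-seen | reply-misdirected
classify_pop3_trace() {
    awk '
    {
        # Find "src > dst:" whatever timestamp/interface fields precede it.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        sport = src; sub(/^.*\./, "", sport)   # text after the last dot = port
        dport = dst; sub(/^.*\./, "", dport)
        if (dport == "110") {                  # client -> POP3 server
            nout++; client[src] = 1
        } else if (sport == "110") {           # POP3 server -> somebody
            if (dst in client) nok++; else nstray++
        }
    }
    END {
        if (!nout)        print "no-outbound"        # blocked before the wire
        else if (nok)     print "reply-seen"         # filtering is not the cause
        else if (nstray)  print "reply-misdirected"  # reply went to another endpoint
        else              print "no-reply"           # request left, nothing came back
    }'
}

# Constructed sample: three SYN attempts to the server address quoted in the
# thread, with no answer (what a dropped return path looks like).
sample_trace() {
    cat <<'EOF'
12:00:01.000000 IP 192.168.1.10.51234 > 209.85.147.109.110: Flags [S], seq 100, win 64240, length 0
12:00:02.000000 IP 192.168.1.10.51234 > 209.85.147.109.110: Flags [S], seq 100, win 64240, length 0
12:00:04.000000 IP 192.168.1.10.51234 > 209.85.147.109.110: Flags [S], seq 100, win 64240, length 0
EOF
}

sample_trace | classify_pop3_trace
```

A result of no-outbound points at the OUTPUT or FORWARD rules, while no-reply points at the return path: the INPUT chain's handling of established connections, or something upstream of the firewall.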