Hm, I think I broke my firewall (can't get email)
Help someone!
I have a brand new server running Ubuntu Edgy 6.10 for AMD-64. There is no GUI installed. The server sits between a small LAN (~30 clients) and a DSL modem for the Internet. It runs squid, squidGuard, and a firewall script for now. All it has to do is cache and filter web traffic, and of course do some basic security.

I've been having problems getting squid set up and being able to connect through the LAN, but I've been successful now to the point that clients can surf the Web, and squidGuard is happily doing its filtering. (However, transparent proxying isn't working, but that's another story.)

During my messing around I've somehow managed to break something, and now no one on the LAN can use SMTP/POP3 (this is hosted at our ISP). Other than squid settings, the only thing I can think that I did was set "/proc/sys/net/ipv4/ip_forward" and "ip_dynaddr", and mess with the firewall settings. This is the same firewall script that I used on our old server and it worked fine. In fact, it worked fine on THIS server yesterday. I don't think it can be squid, since squid only gets the traffic from port 80. I have no idea where to start looking to solve this problem; I am only assuming it's the firewall.

So here's my iptables -L:

Code:
iptables -L

Any help appreciated!
You might try turning off the firewall to see if it resolves the issue. You can turn it back on afterwards. This test would at least confirm you're looking in the right place.
I don't use Ubuntu, but on other distros it's just: service iptables stop (stop the firewall) and service iptables start (restart the firewall).

Also, are you sure these are the right rules? If you did on-the-fly edits of iptables and then forgot to save them before you stopped/started iptables, it would have lost the rules, so the restarted rules wouldn't be the ones you thought they were.
Hi jlightner,
When I tried that command (which worked on my old Mandrake server) I got "bash: service: command not found". Usually if I want to start or stop something, I have to run /etc/init.d/<command> start | stop, but there is no iptables listed in /etc/init.d. I did find it in /sbin, but start and stop did not work. ???
Do you have /etc/rc.d? A quick Google suggests that may be the location for start/stop scripts in your distro.
No, I do not have that folder. My Mandrake distro did but not Ubuntu. Ubuntu has /etc/init.d and /etc/rcN.d (where N is the runlevel numbers) and /etc/rc.local.
I restarted my server WITHOUT running my firewall script:

Code:
root@proxy:/etc# iptables -L

Thinking it might be a DNS issue, I just installed BIND (DNS service) on my server and now I can ping names & get their IP addresses (whereas before I could not; I was connected to the Internet via the squid proxy). However, all pings return "Request timed out" from the LAN, but they return when I ping from the server. Example:

Before BIND, from a LAN client:

Code:
ping www.google.ca
Unknown host www.google.ca

After BIND, from a LAN client:

Code:
ping www.google.ca
Pinging www.1.google.com [74.14.203.104] with 32 bytes of data:
Request timed out.
Request timed out.
...

From the server, ping worked fine both before and after. What else can I try???
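The symptom above (names resolve, the gateway itself can ping out, but every LAN client times out) is what a router looks like when it is not actually routing or rewriting addresses for the LAN. The following check is an added example, not something posted in this thread: it takes the value of /proc/sys/net/ipv4/ip_forward and the nat table as dumped by `iptables-save -t nat`, and reports whether forwarding is on and whether a MASQUERADE/SNAT rule leaves via the DSL interface. The interface name ppp0 is taken from the thread; the two rule dumps at the bottom are constructed samples so the script can be run offline.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Usage on the gateway:
#   check_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)" ppp0
# Exit status 0 when the box can route and masquerade LAN traffic, 1 otherwise;
# each missing piece is printed on its own line.
check_gateway() {
    fwd="$1"; natdump="$2"; wan="$3"
    ok=0
    if [ "$fwd" != "1" ]; then
        echo "ip_forward is '$fwd': the kernel will not pass packets between the LAN and $wan"
        ok=1
    fi
    # A POSTROUTING rule that rewrites LAN source addresses on the way out of the WAN interface.
    if ! printf '%s\n' "$natdump" | grep -Eq "^-A POSTROUTING .*-o $wan .*-j (MASQUERADE|SNAT)"; then
        echo "no MASQUERADE/SNAT rule on $wan: replies would be addressed to private LAN addresses"
        ok=1
    fi
    return $ok
}

# Constructed sample dumps (not real output from the poster's server).
BROKEN_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
FIXED_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

echo "== without a masquerade rule =="
check_gateway 1 "$BROKEN_NAT" ppp0 || echo "(LAN clients would time out, as in the thread)"
echo "== with the masquerade rule =="
check_gateway 1 "$FIXED_NAT" ppp0 && echo "(gateway looks able to route for the LAN)"
```

The check only covers the two things the thread turned out to hinge on; a restrictive FORWARD policy with no accept rules would produce the same timeouts, which `iptables -L FORWARD` shows directly.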
Never mind!!! It WAS a firewall issue.

I did:

Code:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Obviously, I don't want to leave it like it is!!!! So I need to fix it, fast. Can you tell me how to post my firewall script with the comments stripped out? (There's lots of comments.) Thanks!
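A single MASQUERADE rule with everything else left at ACCEPT makes the LAN work but does no filtering at all, which is why the poster does not want to leave it that way. The script below is an added example, not the poster's own firewall script: a minimal stateful NAT firewall for the topology described in the thread, plus the comment-stripping helper the last post asks about. It assumes the LAN is on eth0 as 192.168.1.0/24 and the DSL link is ppp0 (only ppp0 comes from the thread); squid's port 3128 and the BIND port are allowed from the LAN only. Run it as `sh fw.sh show` to print the rule set without touching anything, `sh fw.sh apply` as root to load it, and `sh fw.sh strip fw.sh` to get a comment-free copy for posting.

```shell
#!/bin/sh
# Added example, not the thread's script. Assumed interfaces/addresses below.
LAN_IF=${LAN_IF:-eth0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
WAN_IF=${WAN_IF:-ppp0}
DRY_RUN=${DRY_RUN:-0}

# Run iptables, or just print the command when DRY_RUN=1 so the rules can be reviewed first.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then echo "iptables $*"; else iptables "$@"; fi
}

apply_firewall() {
    # Turn on routing, then start from an empty, deny-by-default rule set.
    [ "$DRY_RUN" = "1" ] || echo 1 > /proc/sys/net/ipv4/ip_forward
    ipt -F; ipt -t nat -F; ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Traffic to the gateway itself: loopback, replies to its own connections,
    # and ssh, squid, DNS (local BIND) and ping from the LAN side only.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 3128 -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p icmp -j ACCEPT

    # Routed traffic: the LAN may initiate connections out; only replies come back in.
    # Nothing arriving on the DSL side may open a connection into the LAN.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The rule the poster found missing: rewrite LAN source addresses to the DSL address.
    ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

# For posting a script: drop comment-only lines and blank lines, keep everything else.
strip_comments() {
    grep -vE '^[[:space:]]*(#|$)' "$@"
}

case "${1:-}" in
    apply) apply_firewall ;;
    show)  DRY_RUN=1; apply_firewall ;;
    strip) shift; strip_comments "$@" ;;
esac
```

The FORWARD chain is where SMTP/POP3 from the LAN actually passes; with the policy at DROP, the two FORWARD rules are what allow outbound mail and web traffic and their replies, and the MASQUERADE rule is what makes the replies routable back to the LAN.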