LinuxQuestions.org
Old 05-07-2005, 09:33 AM   #1
varun_saa
Member
 
Registered: Dec 2004
Posts: 188

Rep: Reputation: 30
iptables - clients can't send/receive mails


Hello,
My server is on Mandriva 10.1
eth0 is WAN with static IP connected to 512K DSL
eth1 is LAN - 192.168.0.0/24 and 192.168.21.0/24

My rules for the above mentioned server are as follows :

# Generated by iptables-save v1.2.9 on Fri Jan 7 20:56:35 2000
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Jan 7 20:56:35 2000
# Generated by iptables-save v1.2.9 on Fri Jan 7 20:56:35 2000
*mangle
:PREROUTING ACCEPT [1024:195745]
:INPUT ACCEPT [1019:194076]
:FORWARD ACCEPT [2:144]
:OUTPUT ACCEPT [1000:192114]
:POSTROUTING ACCEPT [999:192086]
COMMIT
# Completed on Fri Jan 7 20:56:35 2000
# Generated by iptables-save v1.2.9 on Fri Jan 7 20:56:35 2000
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 3128 --sport 1024:65535 -j ACCEPT
-A INPUT -s 62.0.0.0/255.0.0.0 -i eth0 -j REJECT
-A INPUT -p tcp -m tcp -s 217.81.0.0/255.255.0.0 -i eth0 -j REJECT
-A INPUT -i eth0 -j DROP
-A INPUT -p tcp -m tcp -i eth1 --sport 80 -j DROP
-A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -i eth1 -o eth0 --dport 25 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 110 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 1863 --sport 1024: -j ACCEPT --syn
-A FORWARD -p tcp -i eth1 -o eth0 --dport 5050 --sport 1024: -j ACCEPT --syn
-A OUTPUT -p udp --dport 53 --sport 1024: -j ACCEPT
COMMIT
# Completed on Fri Jan 7 20:56:35 2000


Clients can browse after making proxy settings.
That part seems to work OK.

But clients are not able to send / receive mails.

When I open Thunderbird on a client I get a message :

" connecting to mail.vsnl.net "

After a while I get a request timed out message box .
So why are the mails not coming thru' ?

Please feel free to comment .

Thanks in advance

Varun
 
Old 05-08-2005, 03:08 AM   #2
iwpcs
LQ Newbie
 
Registered: Apr 2005
Location: Isle of Wight (UK)
Distribution: Assorted Mandrake
Posts: 23

Rep: Reputation: 15
A good diagnostic is to type
Code:
watch -d iptables -nvL
in a terminal and try sending an email. The rules that are being used will have their counters highlighted.

Can you ping the mailserver - could be a DNS problem. To test this, ping by name then IP address. If the ping by IP address (203.200.235.182) works, but not by name, this is your problem.

You can also try
Code:
telnet mail.vsnl.net 110
You are allowing all forwarding, so the forward lines (though they should work ok) are superfluous here - is this because you have set the forward policy to accept for testing and will reset it to drop when you have finished?


Chris

Last edited by iwpcs; 05-08-2005 at 03:29 AM.
 
Old 05-08-2005, 11:27 PM   #3
varun_saa
Member
 
Registered: Dec 2004
Posts: 188

Original Poster
Rep: Reputation: 30
telnet mail.vsnl.net 110
gives no response.

I shall put a DROP policy at end of FORWARD rules.
Is that OK?

Varun
 
Old 05-09-2005, 01:06 AM   #4
varun_saa
Member
 
Registered: Dec 2004
Posts: 188

Original Poster
Rep: Reputation: 30
watch -d iptables -nvL -> gives the following


Every 2.0s: iptables -nvL Mon May 9 11:36:33 2005

Chain INPUT (policy ACCEPT 25339 packets, 3067K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 289 packets, 20494 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 7895 packets, 1313K bytes)
pkts bytes target prot opt in out source destination

Thanks for teaching me some tips

Varun
 
Old 05-09-2005, 05:42 AM   #5
iwpcs
LQ Newbie
 
Registered: Apr 2005
Location: Isle of Wight (UK)
Distribution: Assorted Mandrake
Posts: 23

Rep: Reputation: 15
The output of iptables says you are accepting everything...


I still suspect a DNS problem - try the ping tests. What are your clients using as a nameserver?

The web browsing would still work because the squid server is doing the DNS lookups.


Chris
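
Added example (not part of any post in this thread): the saved ruleset in post #1 sets the INPUT policy to DROP, while the live listing in post #4 shows every chain at policy ACCEPT with no rules. The script below compares iptables-save text against `iptables -nvL` output to flag that kind of mismatch; the function names and the trimmed sample inputs are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample inputs, trimmed from the two listings posted in this thread.
SAVED='*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'
LIVE='Chain INPUT (policy ACCEPT 25339 packets, 3067K bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 289 packets, 20494 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 7895 packets, 1313K bytes)
 pkts bytes target prot opt in out source destination'

# saved_summary (hypothetical helper): reads iptables-save text on stdin and
# prints "CHAIN POLICY RULECOUNT" for each built-in chain of the filter table.
saved_summary() {
  awk '
    /^\*/                           { in_filter = ($0 == "*filter"); next }
    in_filter && /^:/ && $2 != "-"  { c = substr($1, 2); pol[c] = $2; n[c] = 0 }
    in_filter && $1 == "-A"         { n[$2]++ }
    END { for (c in pol) print c, pol[c], n[c] }' | sort
}

# live_summary (hypothetical helper): same summary from `iptables -nvL` output.
live_summary() {
  awk '
    $1 == "Chain" && $3 == "(policy"  { c = $2; pol[c] = $4; n[c] = 0; next }
    $1 == "Chain"                     { c = ""; next }  # user-defined chain
    c != "" && NF > 0 && $1 != "pkts" { n[c]++ }
    END { for (c in pol) print c, pol[c], n[c] }' | sort
}

# ruleset_drift SAVED_TEXT LIVE_TEXT: one line per chain whose policy or rule
# count in the running kernel differs from the saved file.
ruleset_drift() {
  live_all=$(printf '%s\n' "$2" | live_summary)
  printf '%s\n' "$1" | saved_summary | while read -r chain pol cnt; do
    live=$(printf '%s\n' "$live_all" | awk -v c="$chain" '$1 == c { print $2 "/" $3 }')
    [ "$live" = "$pol/$cnt" ] || echo "$chain: saved=$pol/$cnt live=${live:-missing}"
  done
}

ruleset_drift "$SAVED" "$LIVE"
```

Any line of output means the running filter table is not the one in the saved file, so the rules should be reloaded before testing connectivity through them.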
 
  

