
ipchains/smtp/bastille problem




Hi!

I recently set up an old machine as a firewall/router/mail-server at home 
using woody with the vanilla 2.2.20 kernel. (I would have used 2.4, but I had 
some booting (MBR) problems. When I finally got something to work, I stuck 
with it.)

Anyhow...
I used Bastille to set up the ipchains firewalling and ipmasqing, leaving 
ports 21, 22, 25 and 80 open. I then made a small script (a couple of lines) 
that forwarded ports 21 and 80 to my regular computer. The ipmasqing and 
port-forwarding worked fine (and still do).
I then configured exim to receive and send mail to/from me and started using 
my home mail-address (the one I am sending this from), and that worked for at 
least a couple of weeks. Now it doesn't...
I don't know exactly when it stopped working, since I didn't notice not 
receiving any mail when I wasn't expecting any.

Now the situation is as follows:
Sending mail, and local mail, works fine. I can also telnet to exim from 
anywhere within my network.
Incoming mail does not show up. I have tried telnetting to port 25 on my 
machine from computers outside my network and that doesn't work. (Same result 
as when trying to telnet to a firewalled (DENY) port.)

Naturally now I re-ran InteractiveBastille and made sure all the questions 
were answered correctly, restarted the firewall, reconfigured the eth's, 
updated bastille to version 1.3.0-2.1 (which fixes another bug), nothing made 
any difference.

I then ran "ipchains -C input -s <some-address> -d <my-public-address> -p 25 -i eth0"
It said "denied" (so I thought I had found the problem). I ran 
"ipchains -I input 1 -p 25 -j ACCEPT" and re-ran the "-C" check. The check now 
said "accepted", but the behaviour regarding incoming connection attempts 
remained the same.
I then ran the same check for port 22 and got a "denied" result, even though 
incoming ssh works fine. I guess I don't really understand ipchains as well 
as I would like to.

Does anyone know if there is some obscure exim feature that can make it 
refuse incoming connections based on where they are coming from (ip or 
interface) that is not controlled by exim.conf?

What am I doing wrong when I try to test the ipchains setup (with -C)? I must 
be doing something wrong since it says "denied" for stuff that works (ssh).


br,
Henrik Johansson


