I recently set up an old machine as a firewall/router/mail-server at home
using woody with the vanilla 2.2.20 kernel. (I would have used 2.4, but I had
some booting (MBR) problems. When I finally got something to work, I stuck

I used Bastille to set up the ipchains firewalling and ipmasqing, leaving
ports 21, 22, 25 and 80 open. I then made a small script (a couple of lines)
that forwarded ports 21 and 80 to my regular computer. The ipmasqing and
port-forwarding worked fine (and still do).

I then configured exim to receive and send mail to/from me and started using
my home mail-address (the one I am sending this from), and that worked for at
least a couple of weeks. Now it doesn't...

I don't know exactly when it stopped working, since I didn't notice not
receiving any mail when I wasn't expecting any.

Now the situation is as follows:

Sending mail, and local mail, works fine. I can also telnet to exim from
anywhere within my network.

Incoming mail does not show up. I have tried telnetting to port 25 on my
machine from computers outside my network and that doesn't work. (Same result
as when trying to telnet to a firewalled (DENY) port.)

Naturally now I re-ran InteractiveBastille and made sure all the questions
were answered correctly, restarted the firewall, reconfigured the eth's,
updated bastille to version 1.3.0-2.1 (which fixes another bug), nothing made

I then ran "ipchains -C input -s <some-address> -d <my-public-address> -p
25 -i eth0"

It said "denied" (so I thought I had found the problem). I ran "ipchains -I
input 1 -p 25 -j ACCEPT" and re-ran the "-C" check. The check now said
"accepted", but the behaviour regarding incoming connection attempts remained

I then ran the same check for port 22 and got a "denied" result, even though
incoming ssh works fine. I guess I don't really understand ipchains as well
as I would like to.

Does anyone know if there is some obscure exim feature that can make it
refuse incoming connections based on where they are coming from (ip or
interface) that is not controlled by exim.conf?

What am I doing wrong when I try to test the ipchains setup (with -C)? I must
be doing something wrong since it says "denied" for stuff that works (ssh).