vish n00b
Joined: 28 Jan 2003 Posts: 28
|
Posted: Sun May 04, 2003 7:50 pm Post subject: Iptables SMTP |
|
|
I have a windows system behind my gentoo box.. Using NAT
I have eth0 and eth1 on my gentoo with eth1 connected to the windows system with a crosscable
Everything works fine but I can't access my smtp mail server from the windows system. I am sure I am not setting up something in my iptables rules...
can someone show me how to do this
thanks...
Gentoo ROCKS!! so does this forum |
|
|
|
Jacobs Apprentice
Joined: 29 Apr 2003 Posts: 174 Location: Czech republic
|
Posted: Mon May 05, 2003 10:24 am Post subject: |
|
|
hi, have you already set up some restrictive rules in IPtables? if you just started masquerade, then it should work. maybe make sure that you are masquerading only output from eth0:
Code: | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
btw other protocols (HTTP, POP, ...) are working? |
|
|
|
vish n00b
Joined: 28 Jan 2003 Posts: 28
|
Posted: Mon May 05, 2003 3:55 pm Post subject: |
|
|
I have masquerade set up and it works... http IMAP
I can access all that on my windows computer
I use my isp's smtp protocol which works on my gentoo computer but not on the windows one which is behind the gentoo.
Thanks in advance for ur help |
|
|
|
jnewland n00b
Joined: 01 Dec 2002 Posts: 10 Location: University of Georgia (Athens, GA, USA)
|
Posted: Tue Jun 03, 2003 4:41 am Post subject: |
|
|
hey - i'm having the same exact problem, but from a gentoo machine behind a gentoo router box. web works, imap works, ftp works, everything else but smtp. for example:
Code: | jnewland@bubba jnewland $ telnet oldjames.net 80
Trying 64.30.169.40...
Connected to oldjames.net.
Escape character is '^]'. |
web works, BUT...
Code: | jnewland@bubba jnewland $ telnet oldjames.net 25
Trying 64.30.169.40...
telnet: Unable to connect to remote host: Network is unreachable
|
strange, eh? why network unreachable? i'm sure this has something to do with masquerading, but i don't know exactly what. here's my iptables script that's running on my router, just for good measure:
Code: | echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F INPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F FORWARD
/sbin/iptables -t nat -F
/sbin/iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
/sbin/iptables -A FORWARD -j LOG
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
|
when i run a `tcpdump port 25` on the router machine while i'm trying to send a mail with mozilla, i get this:
Code: | 00:43:11.057443 bubba.34718 > 40.cpe.atlantabroadband.com.smtp: S 1473628234:1473628234(0) win 5840 <mss 1460,sackOK,timestamp 5531856 0,nop,wscale 0> (DF)
|
anyone have any ideas? this is really bugging me! _________________ --
AHHH!! Run everyone! The canary has mutated!!! |
|
|
|
Koon Retired Dev
Joined: 10 Dec 2002 Posts: 518
|
Posted: Tue Jun 03, 2003 7:01 am Post subject: |
|
|
jnewland wrote: | when i run a `tcpdump port 25` on the router machine while i'm trying to send a mail with mozilla, i get this:
Code: | 00:43:11.057443 bubba.34718 > 40.cpe.atlantabroadband.com.smtp: S 1473628234:1473628234(0) win 5840 <mss 1460,sackOK,timestamp 5531856 0,nop,wscale 0> (DF)
|
anyone have any ideas? this is really bugging me! |
Strange...
What do you get with tcpdump -i ppp0 when trying to send mail from the inside machine ? What do you get with the same command when telnet-ing port 25 from the gateway ?
Network is considered unreachable because there is no reply received. It might be because the packet is not forwarded or because the server doesn't reply. Analysis of the two traces above should point you in the right directions, look at the differences between the two.
-K |
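The two-trace comparison suggested above, as an added example that is not part of the original thread: it classifies a text trace taken on the WAN interface, and goes one case beyond the two named in the post by flagging a SYN that leaves with a private source address. It assumes `tcpdump -n` output in the old line format quoted in this thread; `classify_trace` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one `tcpdump -n -i ppp0 port 25` text trace.
# Assumes the old tcpdump line format quoted in this thread:
#   time src.port > dst.port: S seq:seq(0) [ack N] win ...
classify_trace() {
    awk '
        $3 == ">" && $5 == "S" {
            # SYN-ACK coming back from the mail server (source port 25/smtp)
            if ($0 ~ / ack [0-9]+/) { if ($2 ~ /\.(25|smtp)$/) synack++; next }
            # Initial SYN heading out to port 25/smtp
            if ($4 ~ /\.(25|smtp):$/) {
                syn++
                # RFC 1918 source on the WAN side means MASQUERADE was not applied
                if ($2 ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) private++
            }
        }
        END {
            if (!syn)         print "syn-never-left"        # gateway did not forward it
            else if (private) print "unmasqueraded-source"  # left with a LAN address
            else if (!synack) print "no-reply"              # server or upstream is silent
            else              print "handshake-ok"
        }'
}

# Constructed sample traces (documentation addresses, not from the thread).
# 203.0.113.7 = gateway WAN address, 198.51.100.9 = mail server, 192.168.0.2 = LAN client.
TRACE_GATEWAY='00:43:10.000100 203.0.113.7.41000 > 198.51.100.9.25: S 111:111(0) win 5840 <mss 1460> (DF)
00:43:10.040200 198.51.100.9.25 > 203.0.113.7.41000: S 222:222(0) ack 112 win 5792 <mss 1460> (DF)'
TRACE_CLIENT='00:43:11.057443 192.168.0.2.34718 > 198.51.100.9.25: S 333:333(0) win 5840 <mss 1460> (DF)
00:43:14.057100 192.168.0.2.34718 > 198.51.100.9.25: S 333:333(0) win 5840 <mss 1460> (DF)'

echo "gateway: $(printf '%s\n' "$TRACE_GATEWAY" | classify_trace)"
echo "client:  $(printf '%s\n' "$TRACE_CLIENT" | classify_trace)"
```

Without `-n` the source appears as a hostname, so the private-address case cannot be detected and such a trace falls through to `no-reply` or `handshake-ok`.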
|
|
|
uzik Apprentice
Joined: 17 Apr 2003 Posts: 257
|
Posted: Tue Jun 03, 2003 7:33 pm Post subject: |
|
|
vish wrote: | I have masquerade set up and it works... http IMAP
I can access all that on my windows computer
I use my isp's smtp protocol which works on my gentoo computer but not on the windows one which is behind the gentoo.
Thanks in advance for ur help |
Do you have the firewall open to your smtp traffic?
Something sorta like this:
Code: | # Packets routed through the gateway traverse FORWARD, not INPUT/OUTPUT
iptables -A FORWARD -s your_isp -d windows_box -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -d your_isp -s windows_box -p tcp --dport 25 -j ACCEPT |
You also have to remember the order of the statements in the script is
critical too. If you drop packets in a step before the accept statement
they'll never get through. |
|
|
|
|