From: Jack Lyons (jack.lyons@martinagency.com)
Date: Thu Oct 23 2003 - 17:41:13 CDT
What are your POP3 and SMTP servers? Some firewall implementations filter out extended SMTP commands.
Have you tried to manually send a message (telnet to port 25)?
Good Luck
Jack
----- Original Message -----
From: Larry Eckert
To: netreg@southwestern.edu
Sent: Thursday, October 23, 2003 6:04 PM
Subject: NetReg: Linux Firewall Question
I am setting up some Linux firewall boxes (to make some gig
firewalls and save money) (running Linux 2.4.20 Slackware 9.0 using
iptables). I set up a private network behind the firewall, and I have
them working with everything on the network (web, dns, ssh, ...), but for
some reason, they are not working with our mail server. When I run
Outlook Express or Eudora (another email app) on the private network
(behind the firewall), they will send and receive mail, but then they get
stuck in trying to "close connection with mail server", then
eventually they time out and say that they couldn't close the connection.
This led me to believe that I was just missing a rule or two (in addition
to accepting POP3 and SMTP), so I set up some logging to look at the
dropped traffic, but found nothing. So I decided to simply change the
FORWARD rule to ACCEPT everything, and it didn't make a difference. Which
makes me believe that the iptables rulesets aren't the issue. Everything
else gets forwarded to the private network (and vice-versa) just fine,
but for some reason these mail apps aren't working (completely...). This
makes me believe that it isn't a port I am missing on my rules, but some
module or something else that I obviously don't know that I need. I am
just curious if there is some module or something I need to install on
the Linux box to allow this to happen, or if it is something on the mail
server that I need to set up (it is a Sun Solaris box running iPlanet). I
really am clueless on why everything else will work (especially when I
ACCEPT everything), but this little thing with the mail apps won't
work.
I would appreciate any help, or suggestions on where to even look (email
server, Linux box, help sites ....anything), or any recommendations if
any of you have set something like this up before.
Thanks,
Larry Eckert
Network Systems Specialist
Hanover College
(812) 866-6838
eckert@hanover.edu
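
Added example, not part of the original thread: a scripted version of the manual "telnet to port 25" check suggested in the reply, which records whether EHLO and its extensions survive the path and whether the session actually closes after QUIT. The function names and the HELO name probe.example are assumptions; the mail server's hostname is supplied on the command line.

```python
import socket
import sys
import time


def read_reply(f):
    """Read one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed before a full reply arrived")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        # "250-..." announces a continuation line; "250 ..." ends the reply.
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), texts


def probe_smtp(host, port=25, timeout=10.0, helo_name="probe.example"):
    """Banner -> EHLO (HELO fallback) -> QUIT, recording how the session closes."""
    result = {"quit_code": None, "closed_by_server": False}
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rb")
        result["banner_code"] = read_reply(f)[0]
        s.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
        code, texts = read_reply(f)
        result["ehlo_code"] = code
        # Keywords after the greeting line are the advertised extensions.
        result["extensions"] = [t.split()[0].upper() for t in texts[1:] if t.strip()]
        if code >= 500:  # EHLO rejected or rewritten in transit: retry plain SMTP
            s.sendall(f"HELO {helo_name}\r\n".encode("ascii"))
            result["helo_code"] = read_reply(f)[0]
        start = time.monotonic()
        s.sendall(b"QUIT\r\n")
        try:
            result["quit_code"] = read_reply(f)[0]
            # EOF here means the server's close made it back through the path.
            result["closed_by_server"] = f.read(1) == b""
        except socket.timeout:
            pass  # the hang the mail clients report as "couldn't close"
        result["close_seconds"] = round(time.monotonic() - start, 3)
    return result


if __name__ == "__main__":
    # Run from a host behind the firewall, then from one in front, and compare.
    print(probe_smtp(sys.argv[1]))
```

A result with quit_code 221 but closed_by_server False from behind the firewall, and True from in front of it, points at the path losing the connection teardown rather than at a missing port rule.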