
Dear All,
I'm really new in susefirewall2. I have setup susefirewall2 with suse 8.2 using Yast. I also have added services that available in my server :
FW_SERVICES_EXT_TCP="http imap pop3 smtp ssh"
....
But my smtp is not reachable from internet. Only from internal or my network that in 1 subnet. Please help :(
-- Arie Reynaldi Zanahar reyman@reynaldi.com

maybe check your postfix and check your $my_networks and $my_proxy
-----Original Message-----
From: Arie Reynaldi Zanahar [mailto:reyman@reynaldi.com]
Sent: 05 February 2004 09:27 AM
To: suse-security@suse.com
Subject: [suse-security] Can't access from outside
Dear All,
I'm really new in susefirewall2. I have setup susefirewall2 with suse 8.2 using Yast. I also have added services that available in my server :
FW_SERVICES_EXT_TCP="http imap pop3 smtp ssh"
....
But my smtp is not reachable from internet. Only from internal or my network that in 1 subnet. Please help :(
-- Arie Reynaldi Zanahar reyman@reynaldi.com
-- Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here

From: "Arie Reynaldi Zanahar" <reyman@reynaldi.com>
Sent: Thursday, February 05, 2004 8:26 AM
> Dear All,
Hi,
> I'm really new in susefirewall2. I have setup susefirewall2 with suse 8.2 using Yast. I also have added services that available in my server :
> FW_SERVICES_EXT_TCP="http imap pop3 smtp ssh"
> ....
> But my smtp is not reachable from internet. Only from internal or my network that in 1 subnet. Please help :(
> -- Arie Reynaldi Zanahar reyman@reynaldi.com
Hi, does your mailserver (which one do you use?) also listen on the external ip-address?
c y
Torsten

* Arie Reynaldi Zanahar; <reyman@reynaldi.com> on 05 Feb, 2004 wrote:
> Dear All,
> I'm really new in susefirewall2. I have setup susefirewall2 with suse 8.2 using Yast. I also have added services that available in my server :
> FW_SERVICES_EXT_TCP="http imap pop3 smtp ssh"
> ....
> But my smtp is not reachable from internet. Only from internal or my network that in 1 subnet. Please help :(
/etc/sysconfig/mail
# SMTPD_LISTEN_REMOTE="yes"
--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum

This may be silly, but have you put the machine in the DMZ?

Yes, it already added. I use postfix from suse CD's. I can send email from inside network through this server. But from outside, it can't be reached. Try to telnet reynaldi.dyndns.org 25.. :(
Maybe this main.cf can help
arz:/etc/sysconfig # postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = reynaldi.dyndns.org
myhostname = arie.reynaldi.dyndns.org
mynetworks = 192.127.0.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /etc/postfix/readme
relay_domains = $mydestination
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination reject_rbl_client cbl.abuseat.org reject_rbl_client relays.ordb.org
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
> /etc/sysconfig/mail
> # SMTPD_LISTEN_REMOTE="yes"
> --
> Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
> Nisi defectum, haud refiecendum
-- Arie Reynaldi Zanahar reyman@reynaldi.com

Hello, I think this is your problem:
mynetworks = 192.127.0.0/24, 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
When connecting from outside your origin is not "mynetworks".
Test it from outside with a
$ telnet yourserver.dyndns.org 25
If you get an answer like:
220 yourserver.dyndns.org ESMTP Postfix
it is not a firewall problem. Then you will have to configure postfix correctly.
Christian
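The test described in the message above, as an added example that is not part of the original thread: it makes one connection to port 25 and separates a 220 greeting (not a firewall problem) from a timeout (packets dropped somewhere on the way). The function names and the extra "closed" verdict for a refused connection are additions of this example.

```python
import socket
import sys

def interpret(outcome):
    """Map one attempt's outcome (an exception or the greeting text) to a verdict."""
    if isinstance(outcome, (socket.timeout, TimeoutError)):
        # No answer at all: the SYNs are silently dropped on the path
        # (a packet filter with a DROP policy, or filtering upstream).
        return "filtered"
    if isinstance(outcome, ConnectionRefusedError):
        # A reset came back: the host is reachable, but nothing accepts
        # connections on that port (or a filter actively rejects them).
        return "closed"
    if isinstance(outcome, OSError):
        return "error"  # DNS failure, no route to host, ...
    if isinstance(outcome, str) and outcome.startswith("220"):
        # Handshake completed and the SMTP greeting arrived: the path is open.
        return "open"
    return "open-no-220"  # connected, but no usable greeting

def probe_smtp(host, port=25, timeout=10.0):
    """Make one TCP connection attempt and return (verdict, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return interpret(exc), str(exc)
    with sock:
        try:
            greeting = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:
            greeting = ""  # connected, but no greeting within the timeout
    return interpret(greeting), greeting

if __name__ == "__main__":
    # Usage: python3 probe_smtp.py mail.example.org   (hypothetical host name)
    verdict, detail = probe_smtp(sys.argv[1])
    print(f"{verdict}: {detail}")
```

Run it from a machine outside the server's own subnet; a result obtained from inside says nothing about the external path.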

I try to telnet from outside, but there's no response. From internal or my other servers that in one subnet, I get this answer
telnet reynaldi.dyndns.org 25
Trying 202.152.21.230...
Connected to reynaldi.dyndns.org.
Escape character is '^]'.
220 arie.reynaldi.dyndns.org ESMTP Postfix
But from other place I got no response
telnet reynaldi.dyndns.org 25
Trying 202.152.21.230...
telnet: connect to address 202.152.21.230: Connection timed out
And in my /var/log/mail, there's no messages that shows any connection from ex. yahoo.com or any other servers.
I think it's firewall problem :(
> Test it from outside with a
> $ telnet yourserver.dyndns.org 25
> If you get an answer like:
> 220 yourserver.dyndns.org ESMTP Postfix
> it is not a firewall problem. Then you will have to configure postfix correctly.
> Christian
-- Arie Reynaldi Zanahar reyman@reynaldi.com

DNS or Firewall. Try a
Telnet aaa.bbb.ccc.ddd 25
Where aaa.bbb.ccc.ddd is your real (not dyndns) ip-address. Perhaps dyndns is not up to date.
Christian
> I try to telnet from outside, but there's no response. From internal or my other servers that in one subnet, I get this answer
> telnet reynaldi.dyndns.org 25
> Trying 202.152.21.230...
> Connected to reynaldi.dyndns.org.
> Escape character is '^]'.
> 220 arie.reynaldi.dyndns.org ESMTP Postfix
> But from other place I got no response
> telnet reynaldi.dyndns.org 25
> Trying 202.152.21.230...
> telnet: connect to address 202.152.21.230: Connection timed out
> And in my /var/log/mail, there's no messages that shows any connection from ex. yahoo.com or any other servers.
> I think it's firewall problem :(
> > Test it from outside with a
> > $ telnet yourserver.dyndns.org 25
> > If you get an answer like:
> > 220 yourserver.dyndns.org ESMTP Postfix
> > it is not a firewall problem. Then you will have to configure postfix correctly.
> > Christian
> -- Arie Reynaldi Zanahar reyman@reynaldi.com

Hi !
> I try to telnet from outside, but there's no response. From internal or my other servers that in one subnet, I get this answer
> telnet reynaldi.dyndns.org 25
> Trying 202.152.21.230...
> Connected to reynaldi.dyndns.org.
> Escape character is '^]'.
> 220 arie.reynaldi.dyndns.org ESMTP Postfix
> But from other place I got no response
> telnet reynaldi.dyndns.org 25
> Trying 202.152.21.230...
> telnet: connect to address 202.152.21.230: Connection timed out
> And in my /var/log/mail, there's no messages that shows any connection from ex. yahoo.com or any other servers.
--> I could imagine two options:
1) your ISP is not forwarding packets to port 25 ==> talk to the tech people of your ISP
2) the packets are blocked by the firewall ==> try to enable logging of all packets in the SuSEfirewall2 script, section 16
FW_LOG_DROP_ALL="yes"
Then have a look in /var/log/messages or /var/log/firewall to find out why the packets are dropped.
HTH, Armin
-- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50

* Arie Reynaldi Zanahar; <reyman@reynaldi.com> on 05 Feb, 2004 wrote:
> But from other place I got no response
> telnet reynaldi.dyndns.org 25
> Trying 202.152.21.230...
> telnet: connect to address 202.152.21.230: Connection timed out
A wild guess could it be your ISP is blocking port 25
> And in my /var/log/mail, there's no messages that shows any connection from ex. yahoo.com or any other servers.
> I think it's firewall problem :(
try with logging options set to yes in /etc/sysconfig/SuSEfirewall2 and to test it use "SuSEfirewall2 test" command (warning this is not firewalling all your ports are open it just shows what would SuSEfirewall2 do to the packet )
--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum

Mm.. I have logged the firewall, here's the messages
eb 7 12:07:14 arz kernel: martian source 202.152.xx.xx from 202.59.161xx, on dev eth1
Feb 7 12:07:14 arz kernel: ll header: 00:60:97:63:2c:13:00:0d:28:c7:ae:74:08:00
It happened when I try access ssh from external IP. 202.152.xx.xx is my IP. Any suggestion ? Is it why my server can't be access from outside ?
regards,
On Thursday 05 February 2004 16:53, Togan Muftuoglu wrote:
> * Arie Reynaldi Zanahar; <reyman@reynaldi.com> on 05 Feb, 2004 wrote:
> > But from other place I got no response
> > telnet reynaldi.dyndns.org 25
> > Trying 202.152.21.230...
> > telnet: connect to address 202.152.21.230: Connection timed out
> A wild guess could it be your ISP is blocking port 25
> > And in my /var/log/mail, there's no messages that shows any connection from ex. yahoo.com or any other servers.
> > I think it's firewall problem :(
> try with logging options set to yes in /etc/sysconfig/SuSEfirewall2 and to test it use "SuSEfirewall2 test" command (warning this is not firewalling all your ports are open it just shows what would SuSEfirewall2 do to the packet )
> --
> Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
> Nisi defectum, haud refiecendum
-- Arie Reynaldi Zanahar reyman@reynaldi.com
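The two kernel lines in the message above have a fixed layout: in "martian source A from B, on dev X", A is the packet's destination and B is the source address that failed the kernel's routing checks on interface X, and "ll header" is the raw Ethernet header (destination MAC, source MAC, EtherType). An added example, not part of the original thread, that decodes exactly those two posted lines; the function and field names are this example's own.

```python
import re

# "martian source <destination> from <source>, on dev <interface>"
MARTIAN = re.compile(
    r"martian source (?P<dst>[^\s,]+) from (?P<src>[^\s,]+), on dev (?P<dev>\S+)")
# "ll header: " followed by the link-layer header as colon-separated hex bytes
LL_HEADER = re.compile(r"ll header: (?P<hex>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2})+)")

def parse_martians(lines):
    """Pair each 'martian source' line with the 'll header' line after it."""
    events, pending = [], None
    for line in lines:
        hit = MARTIAN.search(line)
        if hit:
            pending = hit.groupdict()
            events.append(pending)
            continue
        header = LL_HEADER.search(line)
        if header and pending is not None:
            octets = header.group("hex").lower().split(":")
            if len(octets) == 14:  # Ethernet II header: 6 + 6 + 2 bytes
                pending["dst_mac"] = ":".join(octets[0:6])
                pending["src_mac"] = ":".join(octets[6:12])
                pending["ethertype"] = "0x" + "".join(octets[12:14])
            pending = None
    return events

# The two lines exactly as posted in the thread (addresses masked by the poster).
SAMPLE = [
    "eb 7 12:07:14 arz kernel: martian source 202.152.xx.xx from 202.59.161xx, on dev eth1",
    "Feb 7 12:07:14 arz kernel: ll header: 00:60:97:63:2c:13:00:0d:28:c7:ae:74:08:00",
]

if __name__ == "__main__":
    for ev in parse_martians(SAMPLE):
        print(f"{ev['dev']}: packet for {ev['dst']} claiming source {ev['src']}")
        print(f"  frame from {ev.get('src_mac')} to {ev.get('dst_mac')}, "
              f"EtherType {ev.get('ethertype')}")
```

The source MAC is the neighbouring device that put the frame on the wire towards eth1, which shows which upstream hop handed the packet over.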

I am just starting with this kind of stuff, but, does dyndns have a valid mx entry in their dns pointing to your mail server? I have checked dig -t reynaldi.com and there is no entry for a MX server (Mail eXchange). I am a novice with this, so I can be absolutely wrong. But I would check it. Any suggestions from the very experts in the list? I am new to the list...
Cheers,
miguel
On Thu, 05-02-2004 at 09:37, Arie Reynaldi Zanahar wrote:
> I try to telnet from outside, but there's no response. From internal or my other servers that in one subnet, I get this answer
> telnet reynaldi.dyndns.org 25
> Trying 202.152.21.230...
> Connected to reynaldi.dyndns.org.
> Escape character is '^]'.
> 220 arie.reynaldi.dyndns.org ESMTP Postfix
> But from other place I got no response
> telnet reynaldi.dyndns.org 25
> Trying 202.152.21.230...
> telnet: connect to address 202.152.21.230: Connection timed out
> And in my /var/log/mail, there's no messages that shows any connection from ex. yahoo.com or any other servers.
> I think it's firewall problem :(
> > Test it from outside with a
> > $ telnet yourserver.dyndns.org 25
> > If you get an answer like:
> > 220 yourserver.dyndns.org ESMTP Postfix
> > it is not a firewall problem. Then you will have to configure postfix correctly.
> > Christian
> -- Arie Reynaldi Zanahar reyman@reynaldi.com
participants (8)
- Allen
- Arie Reynaldi Zanahar
- Armin Schoech
- Barry Gill
- Christian Lange
- miguel listas
- Togan Muftuoglu
- Torsten E.