Hi...my collegues.... I am trying to use Quickmode for my SuSEfirewall2. It looks ok except accessing pop3 server. I am using arcor (http://www.arcor.de) as my Internet Service Provider. With quick mode I can send an e-mail with smtp but I can not accessing pop3 server. I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" ' My Yahoo Messenger client is also troubled even I have openned the port 5050. Any suggestion? Thank you very much in advance. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
On Thu, 2003-02-06 at 11:36, Prabu Subroto wrote:
Hi...my collegues....
I am trying to use Quickmode for my SuSEfirewall2. It looks ok except accessing pop3 server. I am using arcor (http://www.arcor.de) as my Internet Service Provider. With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.
I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '
My Yahoo Messenger client is also troubled even I have openned the port 5050.
Any suggestion?
Are you running the pop3 server through inetd? If so, did you restart it? What errors do you get in /var/log/messages when you try to access your pop3 server? Anders
Hi Anders...
No, I am not running a pop3 server. The pop3 server
belongs to my ISP (arcor). The name of the pop3 is :
pop3.arcor.de (with canonical name) or
pop3.arcor-online.net .
I didn't find the IP number of my computer in
"/var/log/messages". My IP number is "192.168.23.237".
Please help. Thank you very much in advance.
--- Anders Johansson
On Thu, 2003-02-06 at 11:36, Prabu Subroto wrote:
Hi...my collegues....
I am trying to use Quickmode for my SuSEfirewall2. It looks ok except accessing pop3 server. I am using arcor (http://www.arcor.de) as my Internet Service Provider. With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.
I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '
My Yahoo Messenger client is also troubled even I have openned the port 5050.
Any suggestion?
Are you running the pop3 server through inetd? If so, did you restart it? What errors do you get in /var/log/messages when you try to access your pop3 server?
Anders
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
On Thu, 2003-02-06 at 12:03, Prabu Subroto wrote:
Hi Anders...
No, I am not running a pop3 server. The pop3 server belongs to my ISP (arcor). The name of the pop3 is : pop3.arcor.de (with canonical name) or pop3.arcor-online.net .
In which case you should listen to Togan, remove the entry from your firewall, and look at masquerading. Anders
Uff..... I removed the entry of this line, restart it,
and try to access my mailbox.
I can send an e-mail but I can not access my mailbox
on pop3.arcor.de .
Why?
--- Anders Johansson
On Thu, 2003-02-06 at 12:03, Prabu Subroto wrote:
Hi Anders...
No, I am not running a pop3 server. The pop3 server belongs to my ISP (arcor). The name of the pop3 is : pop3.arcor.de (with canonical name) or pop3.arcor-online.net .
In which case you should listen to Togan, remove the entry from your firewall, and look at masquerading.
Anders
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
On Thu, 2003-02-06 at 12:17, Prabu Subroto wrote:
Uff..... I removed the entry of this line, restart it, and try to access my mailbox. I can send an e-mail but I can not access my mailbox on pop3.arcor.de .
Why?
Can you ping pop3.arcor.de? Are you using arcor.de to send email too? I think this might be a good time to contact technical support at arcor.de
Ooo....Ooo...... I had missunderstanding.
after I read your e-mail I thought try to ping
"pop3.arcor.de" and "mail.arcor.de". And the result is
I can not ping the the pop3 and the smtp server of
"arcor".
I can send an e-mail may be because I have postfix on
my gateway.
So think now my problem is: if I use quick mode, than
I should know how I should define the ip-masquerading.
Could you tell me, please....
--- Anders Johansson
On Thu, 2003-02-06 at 12:17, Prabu Subroto wrote:
Uff..... I removed the entry of this line, restart it, and try to access my mailbox. I can send an e-mail but I can not access my mailbox on pop3.arcor.de .
Why?
Can you ping pop3.arcor.de? Are you using arcor.de to send email too?
I think this might be a good time to contact technical support at arcor.de
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
* Prabu Subroto;
I can send an e-mail may be because I have postfix on my gateway.
So think now my problem is: if I use quick mode, than I should know how I should define the ip-masquerading.
Could you tell me, please....
Reading documenation is always helpfull :-) # # 1.) # Should the Firewall run in quickmode? # # "Quickmode" means that only the interfaces pointing to external # networks # are secured, and no other. all interfaces not in the list of # FW_DEV_EXT # are allowed full network access! Additionally, masquerading is # automatically activated for FW_MASQ_DEV devices. and last but not # least: # all incoming connection via external interfaces are REJECTED. # You will only need to configure 2.) and FW_MASQ_DEV in 6.) # Optionally, you may add entries to section 9a.) # # Choice: "yes" or "no", if not set defaults to "no" # so you need to configure FW_MASQUERADE="yes" FW_MASQ_NETS=" 192.168.1.0/24" #change to your needs -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
I did like this, before using quick mode:
'
FW_QUICKMODE="no"
FW_MASQUERADE="yes"
FW_MASQ_NETS="0/0"
'
But if I use Quickmode (FW_QUICKMODE="yes") than the
ip-masquerading doesn't work anymore.
I don't understand.
--- Togan Muftuoglu
I can send an e-mail may be because I have postfix on my gateway.
So think now my problem is: if I use quick mode,
* Prabu Subroto;
on 06 Feb, 2003 wrote: than I should know how I should define the ip-masquerading.
Could you tell me, please....
Reading documenation is always helpfull :-)
# # 1.) # Should the Firewall run in quickmode? # # "Quickmode" means that only the interfaces pointing to external # networks # are secured, and no other. all interfaces not in the list of # FW_DEV_EXT # are allowed full network access! Additionally, masquerading is # automatically activated for FW_MASQ_DEV devices. and last but not # least: # all incoming connection via external interfaces are REJECTED. # You will only need to configure 2.) and FW_MASQ_DEV in 6.) # Optionally, you may add entries to section 9a.) # # Choice: "yes" or "no", if not set defaults to "no" #
so you need to configure
FW_MASQUERADE="yes" FW_MASQ_NETS=" 192.168.1.0/24" #change to your needs
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
* Prabu Subroto;
FW_MASQ_NETS="0/0"
you want to have the correct network here 192.168.1.0/24 for example -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Sorry Togan, but for this one of course I have already
known. But even I change it more specified, I still
can not activate the ip-masq in that way.
So is it possible to use ip-masq with SuSEfirewall2
quickmode at the same time?
--- Togan Muftuoglu
* Prabu Subroto;
on 06 Feb, 2003 wrote: FW_MASQ_NETS="0/0"
you want to have the correct network here 192.168.1.0/24 for example
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
On Thu, 2003-02-06 at 12:29, Prabu Subroto wrote:
Ooo....Ooo...... I had missunderstanding.
after I read your e-mail I thought try to ping "pop3.arcor.de" and "mail.arcor.de". And the result is I can not ping the the pop3 and the smtp server of "arcor".
I can send an e-mail may be because I have postfix on my gateway.
So think now my problem is: if I use quick mode, than I should know how I should define the ip-masquerading.
Could you tell me, please....
I have no idea what "quick mode" is. But to set up SuSEfirewall2 to masquerade, edit /etc/sysconfig/SuSEfirewall2 and set FW_ROUTE="yes", FW_MASQUERADE="yes" and set your internal network in FW_MASQ_NETS (If you use addresses in 192.168.1.* then set FW_MASQ_NETS="192.168.1.0/24") Then restart the firewall and you should be set. Anders
I did it, but it only works if I am not using "quick
mode". Now, I want to use quickmode but also with
IP-masquerading.
But how?
I found SuSEfirewall2 quick mode on the template of
"/etc/sysconfig/SuSEfirewall2"
--- Anders Johansson
Ooo....Ooo...... I had missunderstanding.
after I read your e-mail I thought try to ping "pop3.arcor.de" and "mail.arcor.de". And the result is I can not ping the the pop3 and the smtp server of "arcor".
I can send an e-mail may be because I have postfix on my gateway.
So think now my problem is: if I use quick mode,
On Thu, 2003-02-06 at 12:29, Prabu Subroto wrote: than
I should know how I should define the ip-masquerading.
Could you tell me, please....
I have no idea what "quick mode" is. But to set up SuSEfirewall2 to masquerade, edit /etc/sysconfig/SuSEfirewall2 and set FW_ROUTE="yes", FW_MASQUERADE="yes" and set your internal network in FW_MASQ_NETS (If you use addresses in 192.168.1.* then set FW_MASQ_NETS="192.168.1.0/24")
Then restart the firewall and you should be set.
Anders
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
* Prabu Subroto;
With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.
I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '
My Yahoo Messenger client is also troubled even I have openned the port 5050.
Any suggestion?
# 9a.) # External services in QUICKMODE. # This is only used for QUICKMODE (see 1.)! # (The settings here are similar to section 9.) # Which services ON THE FIREWALL should be accessible from either the # internet (or other untrusted networks), i.e. the external interface(s) # $FW_DEV_EXT The outcome of the above is you only place the entries for the services that _YOU_ACTUALLY_RUN on the firewall. So my question is are you really running all those services you have placed in your entry on your firewall. If not and you are trying to use the services provided by your ISP remove them all restart SuSEfirewall2 and continue surfing -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
Hi....
Firstly, sorry I forgot again to change my "To:". I
sent my answer directly to you just now. I was an
accident, sorry.
Yes I am using the all services on my computer gateway
and I am using the services from my ISP.
So? But why can I not access my mailbox with quick
mode, if I am using normal mode (I configure it more
advanced) it runs properly.
Where should I define the pop3 ? What should I read to
add my knowledge about SuSEfirewall2 ?
--- Togan Muftuoglu
* Prabu Subroto;
on 06 Feb, 2003 wrote: With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.
I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '
My Yahoo Messenger client is also troubled even I have openned the port 5050.
Any suggestion?
# 9a.) # External services in QUICKMODE. # This is only used for QUICKMODE (see 1.)! # (The settings here are similar to section 9.) # Which services ON THE FIREWALL should be accessible from either the # internet (or other untrusted networks), i.e. the external interface(s) # $FW_DEV_EXT
The outcome of the above is you only place the entries for the services that _YOU_ACTUALLY_RUN on the firewall. So my question is are you really running all those services you have placed in your entry on your firewall. If not and you are trying to use the services provided by your ISP remove them all restart SuSEfirewall2 and continue surfing
--
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
* Prabu Subroto;
Firstly, sorry I forgot again to change my "To:". I sent my answer directly to you just now. I was an accident, sorry.
Ok
Yes I am using the all services on my computer gateway and I am using the services from my ISP.
So? But why can I not access my mailbox with quick mode, if I am using normal mode (I configure it more advanced) it runs properly.
can you ping the pop server ( actually can you reach the popserver by any means maybe the server is down )
Where should I define the pop3 ? What should I read to
As far as I am concerned nowhere as it is not something you are running
add my knowledge about SuSEfirewall2 ?
check the http://sourceforge.net/projects/susefaq for SuSEfirewall2 documentation (with over 1000 downloads it should help you going on fast) -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
No, sorry... I can not ping "pop3.arcor.de" and
"mail.arcor.de".
Where should I define ip-masq in SuSEfirewall2
quickmode?
Thank you, Togan.
--- Togan Muftuoglu
* Prabu Subroto;
on 06 Feb, 2003 wrote: Firstly, sorry I forgot again to change my "To:". I sent my answer directly to you just now. I was an accident, sorry.
Ok
Yes I am using the all services on my computer
gateway
and I am using the services from my ISP.
So? But why can I not access my mailbox with quick mode, if I am using normal mode (I configure it more advanced) it runs properly.
can you ping the pop server ( actually can you reach the popserver by any means maybe the server is down )
Where should I define the pop3 ? What should I read
to
As far as I am concerned nowhere as it is not something you are running
add my knowledge about SuSEfirewall2 ?
check the http://sourceforge.net/projects/susefaq for SuSEfirewall2 documentation (with over 1000 downloads it should help you going on fast) --
Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
participants (3)
-
Anders Johansson
-
Prabu Subroto
-
Togan Muftuoglu