Opening pop3 SuSEfirewall2 Quickmode

Prabu Subroto

6 Feb 2003 6 Feb '03

10:36

Hi...my collegues.... I am trying to use Quickmode for my SuSEfirewall2. It looks ok except accessing pop3 server. I am using arcor (http://www.arcor.de) as my Internet Service Provider. With quick mode I can send an e-mail with smtp but I can not accessing pop3 server. I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" ' My Yahoo Messenger client is also troubled even I have openned the port 5050. Any suggestion? Thank you very much in advance. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Show replies by date

Anders Johansson

6 Feb 6 Feb

10:51

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

On Thu, 2003-02-06 at 11:36, Prabu Subroto wrote:

...

Hi...my collegues....

I am trying to use Quickmode for my SuSEfirewall2. It looks ok except accessing pop3 server. I am using arcor (http://www.arcor.de) as my Internet Service Provider. With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.

I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '

My Yahoo Messenger client is also troubled even I have openned the port 5050.

Any suggestion?

Are you running the pop3 server through inetd? If so, did you restart it? What errors do you get in /var/log/messages when you try to access your pop3 server? Anders

Prabu Subroto

11:03

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

Hi Anders... No, I am not running a pop3 server. The pop3 server belongs to my ISP (arcor). The name of the pop3 is : pop3.arcor.de (with canonical name) or pop3.arcor-online.net . I didn't find the IP number of my computer in "/var/log/messages". My IP number is "192.168.23.237". Please help. Thank you very much in advance. --- Anders Johansson wrote:

...

On Thu, 2003-02-06 at 11:36, Prabu Subroto wrote:

...
Hi...my collegues....

I am trying to use Quickmode for my SuSEfirewall2. It looks ok except accessing pop3 server. I am using arcor (http://www.arcor.de) as my Internet Service Provider. With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.

I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '

My Yahoo Messenger client is also troubled even I have openned the port 5050.

Any suggestion?

Are you running the pop3 server through inetd? If so, did you restart it? What errors do you get in /var/log/messages when you try to access your pop3 server?

Anders

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Anders Johansson

11:09

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

On Thu, 2003-02-06 at 12:03, Prabu Subroto wrote:

...

Hi Anders...

No, I am not running a pop3 server. The pop3 server belongs to my ISP (arcor). The name of the pop3 is : pop3.arcor.de (with canonical name) or pop3.arcor-online.net .

In which case you should listen to Togan, remove the entry from your firewall, and look at masquerading. Anders

Prabu Subroto

11:17

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

Uff..... I removed the entry of this line, restart it, and try to access my mailbox. I can send an e-mail but I can not access my mailbox on pop3.arcor.de . Why? --- Anders Johansson wrote:

...

On Thu, 2003-02-06 at 12:03, Prabu Subroto wrote:

...
Hi Anders...

No, I am not running a pop3 server. The pop3 server belongs to my ISP (arcor). The name of the pop3 is : pop3.arcor.de (with canonical name) or pop3.arcor-online.net .

In which case you should listen to Togan, remove the entry from your firewall, and look at masquerading.

Anders

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Anders Johansson

11:21

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

On Thu, 2003-02-06 at 12:17, Prabu Subroto wrote:

...

Uff..... I removed the entry of this line, restart it, and try to access my mailbox. I can send an e-mail but I can not access my mailbox on pop3.arcor.de .

Why?

Can you ping pop3.arcor.de? Are you using arcor.de to send email too? I think this might be a good time to contact technical support at arcor.de

Prabu Subroto

11:29

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

Ooo....Ooo...... I had missunderstanding. after I read your e-mail I thought try to ping "pop3.arcor.de" and "mail.arcor.de". And the result is I can not ping the the pop3 and the smtp server of "arcor". I can send an e-mail may be because I have postfix on my gateway. So think now my problem is: if I use quick mode, than I should know how I should define the ip-masquerading. Could you tell me, please.... --- Anders Johansson wrote:

...

On Thu, 2003-02-06 at 12:17, Prabu Subroto wrote:

...
Uff..... I removed the entry of this line, restart it, and try to access my mailbox. I can send an e-mail but I can not access my mailbox on pop3.arcor.de .

Why?

Can you ping pop3.arcor.de? Are you using arcor.de to send email too?

I think this might be a good time to contact technical support at arcor.de

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Togan Muftuoglu

11:34

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

* Prabu Subroto; on 06 Feb, 2003 wrote:

...

I can send an e-mail may be because I have postfix on my gateway.

So think now my problem is: if I use quick mode, than I should know how I should define the ip-masquerading.

Could you tell me, please....

Reading documenation is always helpfull :-) # # 1.) # Should the Firewall run in quickmode? # # "Quickmode" means that only the interfaces pointing to external # networks # are secured, and no other. all interfaces not in the list of # FW_DEV_EXT # are allowed full network access! Additionally, masquerading is # automatically activated for FW_MASQ_DEV devices. and last but not # least: # all incoming connection via external interfaces are REJECTED. # You will only need to configure 2.) and FW_MASQ_DEV in 6.) # Optionally, you may add entries to section 9a.) # # Choice: "yes" or "no", if not set defaults to "no" # so you need to configure FW_MASQUERADE="yes" FW_MASQ_NETS=" 192.168.1.0/24" #change to your needs -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Prabu Subroto

11:48

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

I did like this, before using quick mode: ' FW_QUICKMODE="no" FW_MASQUERADE="yes" FW_MASQ_NETS="0/0" ' But if I use Quickmode (FW_QUICKMODE="yes") than the ip-masquerading doesn't work anymore. I don't understand. --- Togan Muftuoglu wrote:

...

...
I can send an e-mail may be because I have postfix on my gateway.

So think now my problem is: if I use quick mode,

* Prabu Subroto; on 06 Feb, 2003 wrote: than

...
I should know how I should define the ip-masquerading.

Could you tell me, please....

Reading documenation is always helpfull :-)

# # 1.) # Should the Firewall run in quickmode? # # "Quickmode" means that only the interfaces pointing to external # networks # are secured, and no other. all interfaces not in the list of # FW_DEV_EXT # are allowed full network access! Additionally, masquerading is # automatically activated for FW_MASQ_DEV devices. and last but not # least: # all incoming connection via external interfaces are REJECTED. # You will only need to configure 2.) and FW_MASQ_DEV in 6.) # Optionally, you may add entries to section 9a.) # # Choice: "yes" or "no", if not set defaults to "no" #

so you need to configure

FW_MASQUERADE="yes" FW_MASQ_NETS=" 192.168.1.0/24" #change to your needs

--

Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Togan Muftuoglu

12:01

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

* Prabu Subroto; on 06 Feb, 2003 wrote:

...

FW_MASQ_NETS="0/0"

you want to have the correct network here 192.168.1.0/24 for example -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Prabu Subroto

12:10

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

Sorry Togan, but for this one of course I have already known. But even I change it more specified, I still can not activate the ip-masq in that way. So is it possible to use ip-masq with SuSEfirewall2 quickmode at the same time? --- Togan Muftuoglu wrote:

...

* Prabu Subroto; on 06 Feb, 2003 wrote:

...
FW_MASQ_NETS="0/0"

you want to have the correct network here 192.168.1.0/24 for example

--

Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Anders Johansson

11:38

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

On Thu, 2003-02-06 at 12:29, Prabu Subroto wrote:

...

Ooo....Ooo...... I had missunderstanding.

after I read your e-mail I thought try to ping "pop3.arcor.de" and "mail.arcor.de". And the result is I can not ping the the pop3 and the smtp server of "arcor".

I can send an e-mail may be because I have postfix on my gateway.

So think now my problem is: if I use quick mode, than I should know how I should define the ip-masquerading.

Could you tell me, please....

I have no idea what "quick mode" is. But to set up SuSEfirewall2 to masquerade, edit /etc/sysconfig/SuSEfirewall2 and set FW_ROUTE="yes", FW_MASQUERADE="yes" and set your internal network in FW_MASQ_NETS (If you use addresses in 192.168.1.* then set FW_MASQ_NETS="192.168.1.0/24") Then restart the firewall and you should be set. Anders

Prabu Subroto

11:42

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

I did it, but it only works if I am not using "quick mode". Now, I want to use quickmode but also with IP-masquerading. But how? I found SuSEfirewall2 quick mode on the template of "/etc/sysconfig/SuSEfirewall2" --- Anders Johansson wrote:

...

...
Ooo....Ooo...... I had missunderstanding.

after I read your e-mail I thought try to ping "pop3.arcor.de" and "mail.arcor.de". And the result is I can not ping the the pop3 and the smtp server of "arcor".

I can send an e-mail may be because I have postfix on my gateway.

So think now my problem is: if I use quick mode,

On Thu, 2003-02-06 at 12:29, Prabu Subroto wrote: than

...
I should know how I should define the ip-masquerading.

Could you tell me, please....

I have no idea what "quick mode" is. But to set up SuSEfirewall2 to masquerade, edit /etc/sysconfig/SuSEfirewall2 and set FW_ROUTE="yes", FW_MASQUERADE="yes" and set your internal network in FW_MASQ_NETS (If you use addresses in 192.168.1.* then set FW_MASQ_NETS="192.168.1.0/24")

Then restart the firewall and you should be set.

Anders

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Togan Muftuoglu

10:58

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

* Prabu Subroto; on 06 Feb, 2003 wrote:

...

With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.

I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '

My Yahoo Messenger client is also troubled even I have openned the port 5050.

Any suggestion?

# 9a.) # External services in QUICKMODE. # This is only used for QUICKMODE (see 1.)! # (The settings here are similar to section 9.) # Which services ON THE FIREWALL should be accessible from either the # internet (or other untrusted networks), i.e. the external interface(s) # $FW_DEV_EXT The outcome of the above is you only place the entries for the services that _YOU_ACTUALLY_RUN on the firewall. So my question is are you really running all those services you have placed in your entry on your firewall. If not and you are trying to use the services provided by your ISP remove them all restart SuSEfirewall2 and continue surfing -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Prabu Subroto

11:13

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

Hi.... Firstly, sorry I forgot again to change my "To:". I sent my answer directly to you just now. I was an accident, sorry. Yes I am using the all services on my computer gateway and I am using the services from my ISP. So? But why can I not access my mailbox with quick mode, if I am using normal mode (I configure it more advanced) it runs properly. Where should I define the pop3 ? What should I read to add my knowledge about SuSEfirewall2 ? --- Togan Muftuoglu wrote:

...

* Prabu Subroto; on 06 Feb, 2003 wrote:

...
With quick mode I can send an e-mail with smtp but I can not accessing pop3 server.

I have openned the pop3 port, this way: ' FW_SERVICES_QUICK_TCP="ssh 53 80 110 25 3128 1049 1050 2121 8080 5050" '

My Yahoo Messenger client is also troubled even I have openned the port 5050.

Any suggestion?

# 9a.) # External services in QUICKMODE. # This is only used for QUICKMODE (see 1.)! # (The settings here are similar to section 9.) # Which services ON THE FIREWALL should be accessible from either the # internet (or other untrusted networks), i.e. the external interface(s) # $FW_DEV_EXT

The outcome of the above is you only place the entries for the services that _YOU_ACTUALLY_RUN on the firewall. So my question is are you really running all those services you have placed in your entry on your firewall. If not and you are trying to use the services provided by your ISP remove them all restart SuSEfirewall2 and continue surfing

--

Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

Togan Muftuoglu

11:30

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

* Prabu Subroto; on 06 Feb, 2003 wrote:

...

Firstly, sorry I forgot again to change my "To:". I sent my answer directly to you just now. I was an accident, sorry.

...

Yes I am using the all services on my computer gateway and I am using the services from my ISP.

So? But why can I not access my mailbox with quick mode, if I am using normal mode (I configure it more advanced) it runs properly.

can you ping the pop server ( actually can you reach the popserver by any means maybe the server is down )

...

Where should I define the pop3 ? What should I read to

As far as I am concerned nowhere as it is not something you are running

...

add my knowledge about SuSEfirewall2 ?

check the http://sourceforge.net/projects/susefaq for SuSEfirewall2 documentation (with over 1000 downloads it should help you going on fast) -- Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

Prabu Subroto

11:39

New subject: [SLE] Opening pop3 SuSEfirewall2 Quickmode

No, sorry... I can not ping "pop3.arcor.de" and "mail.arcor.de". Where should I define ip-masq in SuSEfirewall2 quickmode? Thank you, Togan. --- Togan Muftuoglu wrote:

...

* Prabu Subroto; on 06 Feb, 2003 wrote:

...
Firstly, sorry I forgot again to change my "To:". I sent my answer directly to you just now. I was an accident, sorry.

Ok

...
Yes I am using the all services on my computer

gateway

...
and I am using the services from my ISP.

So? But why can I not access my mailbox with quick mode, if I am using normal mode (I configure it more advanced) it runs properly.

can you ping the pop server ( actually can you reach the popserver by any means maybe the server is down )

...
Where should I define the pop3 ? What should I read

to

As far as I am concerned nowhere as it is not something you are running

...
add my knowledge about SuSEfirewall2 ?

check the http://sourceforge.net/projects/susefaq for SuSEfirewall2 documentation (with over 1000 downloads it should help you going on fast) --

Togan Muftuoglu Unofficial SuSE FAQ Maintainer http://dinamizm.ath.cx

-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com

__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com

7760

Age (days ago)

7760

Last active (days ago)

List overview

Download

16 comments

3 participants

participants (3)

Anders Johansson
Prabu Subroto
Togan Muftuoglu