OpenSuse 15.2 ports closed, no firewall enabled
On OpenSuse 15.2, the assigned IP address has only SSH port open. The localhost has several more open, which allows me to run mail server, by referencing localhost. However, this causes other machines on local network to be denied access to the email server. Firewall is not enabled, iptables shows no rules. I am puzzled.
On 11/01/2022 02.36, Joseph Acquisto wrote:
On OpenSuse 15.2, the assigned IP address has only SSH port open. The localhost has several more open, which allows me to run mail server, by referencing localhost.
However, this causes other machines on local network to be denied access to the email server.
What do you mean? What mail server are they trying to access? I don't see why Linux would interfere with that, unless you assigned the same IP to two computers. Or do you want those machines to access the Linux mail server? Then you have to tell the Linux mail server to listen on the LAN, not on localhost only.
Firewall is not enabled, iptables shows no rules.
I am puzzled.
-- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
On OpenSuse 15.2, the assigned IP address has only SSH port open. The localhost has several more open, which allows me to run mail server, by referencing localhost.
However, this causes other machines on local network to be denied access to
On 11/01/2022 02.36, Joseph Acquisto wrote: the email server.
What do you mean?
What mail server are they trying to access?
I don't see why Linux would interfere with that, unless you assigned the same IP to two computers.
Or do you want those machines to access the Linux mail server? Then you have to tell the Linux mail server to listen on the LAN, not on localhost only.
I need to be able to access the SMTP services on the subject host from other servers on the local network. I cannot. Please see below for what I hope clarifies the problem The local IP address 192.168.x.x shows only port 22 (SSH) open: ~ # nmap -sT 192.168.x.xxx Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-10 21:37 EST Nmap scan report for aabbcc (192.168.x.xxx) Host is up (0.000088s latency). Not shown: 999 closed ports PORT STATE SERVICE 22/tcp open ssh Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
The localhost address 127.0.0.1 shows: ~ # nmap -sT 127.0.0.1 Starting Nmap 7.70 ( https://nmap.org ) at 2022-01-10 21:36 EST Nmap scan report for localhost (127.0.0.1) Host is up (0.017s latency). Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 783/tcp open spamassassin 10025/tcp open unknown Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds Therefore, I cannot access on the IP bound to the server for those services, except by accessing via localhost.
The firewall is not running: ~ # firewall-cmd --list-services FirewallD is not running
IPtables shows no rules: ~ # iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination I see no reason why the bound IP should have these ports closed. I should be able to find what causes them to be shut and reopen them. But I cannot find where that may be. joe a. --------------------------------- j4computers, llc Stone Ridge, NY 12484 845-687-3734 www.j4computers.com ---------------------------------
On 11/01/2022 03.45, Joe Acquisto-j4 wrote:
On OpenSuse 15.2, the assigned IP address has only SSH port open. The localhost has several more open, which allows me to run mail server, by referencing localhost.
However, this causes other machines on local network to be denied access to
On 11/01/2022 02.36, Joseph Acquisto wrote: the email server.
What do you mean?
What mail server are they trying to access?
I don't see why Linux would interfere with that, unless you assigned the same IP to two computers.
Or do you want those machines to access the Linux mail server? Then you have to tell the Linux mail server to listen on the LAN, not on localhost only.
I need to be able to access the SMTP services on the subject host from other servers on the local network. I cannot.
Please see below for what I hope clarifies the problem
Well, you have not told postfix (assuming you use postfix) to listen on 192.168.x.xxx, only on 127.0.0.1 You can do it with YaST, or directly editing /etc/postfix/main.cf inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost mynetworks_style = host mynetworks = 127.0.0.0/8 [::1/128] 192.168.1.0/28 Notice that you probably need to setup a DNS on your LAN, too. -- Cheers / Saludos, Carlos E. R. (from 15.2 x86_64 at Telcontar)
From: "Carlos E. R."
From: "Carlos E. R."
Date: Tue, 11 Jan 2022 04:47:15 +0100 . . .
Well, you have not told postfix (assuming you use postfix) to listen on 192.168.x.xxx, only on 127.0.0.1 You can do it with YaST, or directly editing /etc/postfix/main.cf
inet_interfaces = all mydestination = $myhostname, localhost.$mydomain, localhost mynetworks_style = host mynetworks = 127.0.0.0/8 [::1/128] 192.168.1.0/28
Notice that you probably need to setup a DNS on your LAN, too.
-- Cheers / Saludos,
Carlos E. R. (from 15.2 x86_64 at Telcontar)
You may also need to tweak mynetworks, but you don't need DNS; I've been using just /etc/hosts the whole time, and just IP addresses would also work (but would require changes in more places if you had to change the subnet for whatever reason).
-- Bob
I'll give it a better look in the morning. Sorry if I have mangled the replies to this list and replied to too many addressees joe a/ --------------------------------- j4computers, llc Stone Ridge, NY 12484 845-687-3734 www.j4computers.com ---------------------------------
Joseph Acquisto composed on 2022-01-11 01:36 (UTC):
On OpenSuse 15.2, the assigned IP address has only SSH port open. The localhost has several more open, which allows me to run mail server, by referencing localhost.
However, this causes other machines on local network to be denied access to the email server.
Firewall is not enabled, iptables shows no rules.
I am puzzled.
15.2 support has ended. Why not upgrade to 15.3 and see if that fixes it? -- Evolution as taught in public schools is, like religion, based on faith, not based on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata
Am 11.01.22 um 05:00 schrieb Felix Miata:
Joseph Acquisto composed on 2022-01-11 01:36 (UTC):
On OpenSuse 15.2, the assigned IP address has only SSH port open. The localhost has several more open, which allows me to run mail server, by referencing localhost.
However, this causes other machines on local network to be denied access to the email server.
Firewall is not enabled, iptables shows no rules.
I am puzzled.
15.2 support has ended. Why not upgrade to 15.3 and see if that fixes it?
Because the reason is not the operating system but the postfix config. Upadting will exchange nothing here. # postconf inet_interfaces inet_interfaces = all if there is another output, do postconf -e "inet_interfaces = all" postfix reload (or postfix restart) to have postfix listen to all interfaces and not only to localhost. HTH, Werner --
Am 11.01.22 um 05:00 schrieb Felix Miata:
Joseph Acquisto composed on 2022-01-11 01:36 (UTC):
On OpenSuse 15.2, the assigned IP address has only SSH port open. The localhost has several more open, which allows me to run mail server, by referencing localhost.
However, this causes other machines on local network to be denied access to
the email server.
Firewall is not enabled, iptables shows no rules.
I am puzzled.
15.2 support has ended. Why not upgrade to 15.3 and see if that fixes it?
Because the reason is not the operating system but the postfix config. Upadting will exchange nothing here.
# postconf inet_interfaces inet_interfaces = all
if there is another output, do
postconf -e "inet_interfaces = all" postfix reload (or postfix restart)
to have postfix listen to all interfaces and not only to localhost.
HTH, Werner --
Thanks to all. It worked. Guess I forgot some basics. Next is to create some certificates specific to use with postfix, but that is another story. joe a.
Joe Acquisto-j4 wrote:
Thanks to all. It worked. Guess I forgot some basics. Next is to create some certificates specific to use with postfix, but that is another story.
There's nothing special about that, they're just "regular" certs, LetsEncrypt will help you with that. -- Per Jessen, Zürich (0.7°C)
Joe Acquisto-j4 wrote:
Thanks to all. It worked. Guess I forgot some basics. Next is to create some certificates specific to use with postfix, but that is another story.
There's nothing special about that, they're just "regular" certs, LetsEncrypt will help you with that.
-- Per Jessen, Zürich (0.7°C)
I use LetsEncrypt for my "public" sites, but wanted to avoid having to renew this one every 90 days or so. May end up having to do that anyway as the ISP may not accept "self signed" certs. joe a.
Joe Acquisto-j4 wrote:
Joe Acquisto-j4 wrote:
Thanks to all. It worked. Guess I forgot some basics. Next is to create some certificates specific to use with postfix, but that is another story.
There's nothing special about that, they're just "regular" certs, LetsEncrypt will help you with that.
-- Per Jessen, Zürich (0.7°C)
I use LetsEncrypt for my "public" sites, but wanted to avoid having to renew this one every 90 days or so.
May end up having to do that anyway as the ISP may not accept "self signed" certs.
In my experience, mail servers are often a lot less strict, as long as the traffic is secure. YMMV. -- Per Jessen, Zürich (0.1°C)
participants (7)
-
Bob Rogers
-
Carlos E. R.
-
Felix Miata
-
Joe Acquisto-j4
-
Joseph Acquisto
-
Per Jessen
-
Werner Flamme