Thread: more fun with iptables
11-05-2003, 06:53 PM #1 Junior Guru Wannabe
Join Date: Aug 2002
Posts: 43
Hello all,
Yesterday I posted asking about my iptables policy; you can see that thread here.
The use of that policy with the listed change produces errors with email on the server. In short, email bounces to the server. A bounce looks similar to this:
Code:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  address@domain.tld
    local delivery failed

------ address@domain.tld ------

An error was detected while processing a file of BSMTP input.
The error message was:

  421 SMTP incoming data timeout - message abandoned

The SMTP transaction started in line 0.
The error was detected in line 3.
0 previous messages were successfully processed.
The rest of the batch was abandoned.
421 SMTP incoming data timeout - message abandoned
Transaction started in line 0
Error detected in line 3

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from [4.7.28.249] (helo=gaia.asylumgroup.net)
    by hostname.of.receiving.server with esmtp (Exim 4.24)
    id 1AHViH-0003I5-9G; Wed, 05 Nov 2003 14:01:17 -0800
Subject: test
MIME-Version: 1.0
Date: Wed, 5 Nov 2003 16:01:51 -0600
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=SHA1;
    boundary="----=_NextPart_000_0008_01C3A3B6.1F567140"
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Message-ID: <63ABE5E6783C1947BA1C059C66545E101CFC@hostname.of.sending.server>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: AcOj6GirjsaHsF+dQgiZhWu0PeRgWA==
Content-class: urn:content-classes:message
Ben Prince - CyberPixels
Systems Administrator
ben@cyberpixels.com
AIM: CyberPixelsBen
11-05-2003, 07:18 PM #2 Web Hosting Guru
Join Date: Mar 2001
Location: California
Posts: 332
Let's see the output of 'iptables -L -v -n'
You probably need to add:
$IPTABLES -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
11-05-2003, 08:10 PM #3 Junior Guru Wannabe
Join Date: Aug 2002
Posts: 43
[~]# iptables -L -v -n
Chain INPUT (policy DROP 10 packets, 1505 bytes)
 pkts bytes target     prot opt in     out     source               destination
  440 32151 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:37
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:43
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
   19  1223 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
   17   832 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:113
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:465
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:995
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2082
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2083
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2086
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2087
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2089
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2095
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6666

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 558 packets, 506K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain acctboth (0 references)
 pkts bytes target     prot opt in     out     source               destination

Ben Prince - CyberPixels
Systems Administrator
ben@cyberpixels.com
AIM: CyberPixelsBen
11-05-2003, 08:14 PM #4 Junior Guru Wannabe
Join Date: Aug 2002
Posts: 43
Yes, that line seems to have alleviated the problem, thank you very much.
Ben Prince - CyberPixels
Systems Administrator
ben@cyberpixels.com
AIM: CyberPixelsBen
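
A check for the gap this thread turned up, an INPUT chain with policy DROP and no ACCEPT rule for the loopback interface, as an added example that is not part of any post above. The function names and the "after" listing are constructed for illustration; the "before" listing is abbreviated from post #3.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `iptables -L -v -n` output on stdin.
# Returns 1 when INPUT has policy DROP and no ACCEPT rule with in=lo, else 0.
check_loopback() {
    awk '
        /^Chain / {
            in_input = ($2 == "INPUT")
            if (in_input && /\(policy DROP/) drop = 1
            next
        }
        # Rule rows with -v: pkts bytes target prot opt in out source destination
        in_input && $3 == "ACCEPT" && $6 == "lo" { lo_ok = 1 }
        END { exit (drop && !lo_ok) ? 1 : 0 }
    '
}

# Abbreviated copy of the listing posted in the thread (no rule for lo).
listing_before() {
    cat <<'EOF'
Chain INPUT (policy DROP 10 packets, 1505 bytes)
 pkts bytes target prot opt in out source destination
  440 32151 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    1    60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
Chain OUTPUT (policy ACCEPT 558 packets, 506K bytes)
 pkts bytes target prot opt in out source destination
EOF
}

# Constructed: the same listing after the suggested loopback rule is added.
listing_after() {
    listing_before | awk '
        { print }
        /RELATED,ESTABLISHED/ { print "    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0" }
    '
}

report() {  # $1 = label, listing on stdin
    if check_loopback; then
        echo "$1: loopback traffic is accepted"
    else
        echo "$1: INPUT is DROP with no ACCEPT for lo; loopback traffic to unlisted ports is dropped"
    fi
}

listing_before | report before
listing_after  | report after
```

On a live host the same check is `iptables -L -v -n | check_loopback`; the `-v` flag is required because the `in` column is only printed in verbose listings.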