RE: Ipchains blocking Sendmail

["Gautier . Rich" <RGautier () drc com>]

External Interface should allow output to destination port 25, source
port any.  I think you have it reversed there...

Rich Gautier
Dynamics Research Corp
Personal Website - http://rgautier.tripod.com
Attachment is Public Key for the sender: rgautier () drc com


-----Original Message-----
From: csobre [mailto:csobre () bol com br]
Sent: Tuesday, September 17, 2002 1:51 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Ipchains blocking Sendmail


Hi,

I have a linux machine connected to
the internet and to an internal network.
I am running Sendmail and Ipchains.
I have the following rules for
Ipchains on port 25:


   # SMTP server (25)
   # ----------------
   ipchains -A input  -i
$EXTERNAL_INTERFACE -p tcp  \
            --source-port $UNPRIVPORTS \
            -d $IPADDR 25 -j ACCEPT

   ipchains -A input  -i
$LOCAL_INTERFACE_1 -p tcp  \
            --source-port $UNPRIVPORTS \
            -d $LOCAL_IPADDR 25 -j ACCEPT

   ipchains -A output -i
$EXTERNAL_INTERFACE -p tcp ! -y \
            -s $IPADDR 25 \
            --destination-port
$UNPRIVPORTS -j ACCEPT

   ipchains -A output -i
$EXTERNAL_INTERFACE -p tcp ! -y \
            -s $LOCAL_IPADDR 25 \
            --destination-port
$UNPRIVPORTS -j ACCEPT

The only other ports I also ACCEPT are
53 and 113.

I can send and receive mail inside my
network, but can´t receive or send
E-mail to the internet.
After examining the Messages log there
are many lines with (Connection
refused by server) when sendmail tries
to connect to smtp servers on the
internet.

What am I missing here?

Thanks in advance.

 
________________________________________________________________________
__
AcessoBOL, só R$ 9,90! O menor preço do mercado!
Assine já! http://www.bol.com.br/acessobol


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Attachment: smime.p7s
Description: