On Thu, 17 Jan 2002, Tal Amir wrote:

> hi all,
>
> this is kind of tricky, so i'll try to be as clear as i can.
> i have a RH 6.2 machine at work, functioning as a mail-relay to an
> exchange server sitting in the local LAN, with NAT address.
> the linux machine is in a DMZ, with 1 nic, real ip.
> everything worked wonderfully for more than 2 years, until last week, when
> someone did a hard reset to that machine.
>

Yuck. It is possible that some files got trashed in the process.

> as for now, users that try to telnet this machine

<ssh-advocacy>
  Install sshd and use it!
  Installing an ssh client on every windows machine is not practical.
  Download putty and put putty.exe on some SMB share
</ssh-advocacy>

> or get mail from it (using ms outlook) are
> getting stuck in the authentication. the mail client gets stuck on
> "verifying username and password" for 1-2
> minutes, and then gives up with a connection timeout.

Outlook has very strange-looking error messages. Figuring them out is not
always easy.

telnet your-server 110

If and when a (tcp) connection is established, try writing the following:

USER username
PASS topsecretpasswordinplaintext
QUIT

(wu-imapd is very polite, and will give you a prompt for every step.)


> i forgot to mention that some users use this machine as a pop3 server, and
> others use the exchange (all mail messages
> are forwarded to the exchange, except for users that have "CL username" in
> sendmail.conf).
> from the outside, all services work just fine.

pop3 over the internet? Consider using spop3 (when you have some time)

> this is not a firewall problem, since i unloaded the policy, tried and got
> nothing as well.
> for some reason, i cannot get to authenticate (as pop3 or telnet) from the
> internal network.
> there is nothing preventing me to access in hosts.deny .
> i am able to ping that machine from the inside, but that's about all i can
> do. nothing more.
> i did not change anything, or even touch that machine since the last
> time it worked, so there is no way that i did
> something wrong in any of the configuration files.
> the only change that was "made" was that hard reset. (boy, is that guy
> gonna get it) ;)
>
> any ideas are welcome.
> tal.

Let's go one step at a time:

* Is anybody listening on the ports of the internal interfaces? Perhaps
your programs only listen on specific IPs?

Use netstat -ln --tcp and see if any service listens on an address that is
not 0.0.0.0 (=all interfaces).


* Do packets from the clients get to the server?
Use tcpdump or any other sniffer. This could be a DNS problem or a routing
problem.

* Have you looked at the logs? Any connection attempts logged?

* Have you eliminated packet filtering?
Make sure you log any packet that you drop. Watch the logs and see if
connections don't yield messages of dropped packets.

-- 
Tzafrir Cohen                        /"\
mailto:[EMAIL PROTECTED]        \ /  ASCII Ribbon Campaign
Taub 229, 972-4-829-3942,             X   Against  HTML  Mail
http://www.technion.ac.il/~tzafrir   / \
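
An added example (not part of the original message) of the listener check from the first step above: it reads `netstat -ln --tcp` output and reports services bound to one specific address instead of 0.0.0.0. The function names, the sample output and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ln --tcp` output (not from the original post).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:110           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:23           0.0.0.0:*               LISTEN
EOF
}

# Print "port address" for every TCP listener bound to a single address
# rather than to all interfaces (0.0.0.0, or :: for IPv6).
specific_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, p, ":"); port = p[n]
        # Everything before the last ":" is the bind address.
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr != "0.0.0.0" && addr != "::") print port, addr
    }'
}

# Succeed if a connection addressed to ADDR on PORT would find a listener,
# i.e. one bound either to all interfaces or to ADDR itself.
# usage: netstat -ln --tcp | listens_for ADDR PORT
listens_for() {
    awk -v want="$1" -v port="$2" '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, p, ":")
        addr = substr($4, 1, length($4) - length(p[n]) - 1)
        if (p[n] == port && (addr == "0.0.0.0" || addr == "::" || addr == want))
            ok = 1
    }
    END { exit !ok }'
}

# On the real server: netstat -ln --tcp | specific_listeners
sample_netstat | specific_listeners
```

In the sample, port 110 is bound to 127.0.0.1 only, so a POP3 client on the LAN would never reach it even though the service is running.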



