Hello Matt,

The support page explicitly asks not to post configuration files but to post 
dumps instead, which I did. Here's an excerpt from the posted dump file which 
seems to show that port 25 is open for net-fw connexions, line 11:

     1  Chain net-fw (1 references)
     2   pkts bytes target     prot opt in     out     source               destination
     3    252 13604 dynamic    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
     4    249 13452 smurfs     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID,NEW,UNTRACKED
     5      0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
     6   3008  714K tcpflags   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
     7   1756  464K ACCEPT     all  --  *      *       192.168.0.0/16       0.0.0.0/0
     8     17  3878 ACCEPT     all  --  *      *       172.16.0.0/12        0.0.0.0/0
     9    644  110K ACCEPT     all  --  *      *       10.10.10.0/24        0.0.0.0/0
    10    830  165K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            -m geoip --source-country DZ,US
    11      0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22022,44044,25
    12     45  2292 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    13      1    40 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "Shorewall:net-fw:DROP:"







‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On August 1, 2018 12:24 PM, Matt Darfeuille <matd...@gmail.com> wrote:

> On 8/1/2018 12:35 PM, daniel_1983--- via Shorewall-users wrote:
>
> > Hello list,
> > Shorewall is installed on my mail server. Its policy is to ACCEPT all 
> > traffic from $fw to net (same interface). Since the only thing I changed in 
> > the configuration is the policy file, I will paste the policy file that is 
> > working (mail is sent), and the policy file that is not working (mail is 
> > not sent).
> > NON-WORKING POLICY
> > root@messagerie[10.10.10.19] ~ # cat /etc/shorewall/policy
> > [...]
> > $FW net ACCEPT
> > net $FW DROP INFO
> > root@messagerie[10.10.10.19] ~ #
>
> If you have the policy 'net $FW DROP' you will need to open those
> required ports in '/etc/shorewall/rules':
>
> ACCEPT net $FW tcp 25
>
> > shorewall dump after doing a shorewall reset then trying to send mail to 
> > host 192.162.70.68 : https://clbin.com/yO9h3. You can see that the 
> > connexion isn't even listed.
> > WORKING POLICY
> > root@messagerie[10.10.10.19] ~ # cat /etc/shorewall/policy
> > [...]
> > $FW net ACCEPT
> > net $FW ACCEPT
> > root@messagerie[10.10.10.19] ~ #
>
> 'net $FW ACCEPT' means that all traffic is 'ACCEPT'ed on the firewall
> from the net zone.
>
> -Matt
>
> --------------------------------------------------------------------------------------------------
>
> Matt Darfeuille
>
> ----------------
>
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
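
Added example, not part of the original thread: a small Python parser for an `iptables -L -n -v` chain listing like the net-fw excerpt above, reporting which rules explicitly name a given protocol and port and how many packets each has matched. The function names are hypothetical, and the sample holds rows copied from the excerpt with the listing line numbers dropped.

```python
import re

# Rows copied from the net-fw excerpt in this thread (listing line numbers dropped).
SAMPLE = """\
Chain net-fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:67:68
 1756  464K ACCEPT     all  --  *      *       192.168.0.0/16       0.0.0.0/0
  830  165K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            -m geoip --source-country DZ,US
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22022,44044,25
   45  2292 Drop       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def to_int(counter):
    """Expand iptables' rounded counters (e.g. '464K') to an approximate integer."""
    if counter[-1] in UNITS:
        return int(counter[:-1]) * UNITS[counter[-1]]
    return int(counter)

def port_specs(extra):
    """Yield (low, high) destination port ranges named in a rule's match text."""
    m = re.search(r"\bdpts?:(\d+)(?::(\d+))?", extra)
    if m:
        yield int(m.group(1)), int(m.group(2) or m.group(1))
    m = re.search(r"multiport dports (\S+)", extra)
    if m:
        for item in m.group(1).split(","):
            low, _, high = item.partition(":")
            yield int(low), int(high or low)

def rules_for_port(listing, proto, port):
    """Return the rules of a chain listing that name proto/port explicitly."""
    # Rules with prot 'all' (source or geoip matches) can also accept the
    # port without naming it; they are deliberately not reported here.
    hits = []
    for line in listing.splitlines():
        f = line.split(None, 9)  # nine fixed columns, then the match text
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # chain title, column header or blank line
        if f[3] != proto:
            continue
        extra = f[9].strip() if len(f) > 9 else ""
        if any(lo <= port <= hi for lo, hi in port_specs(extra)):
            hits.append({"target": f[2], "source": f[7],
                         "pkts": to_int(f[0]), "match": extra})
    return hits
```

A `pkts` value of 0 on the returned rule means no packet has reached and matched it since the counters were last reset, which is what line 11 of the excerpt shows for tcp port 25.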


