[NTLUG:Discuss] Redhat 7.2, iptables & qpopper

Bob Byron bbyron at radit.com
Mon Feb 4 11:37:38 CST 2002


Well, since your scan shows the ports are open, the first thing
I would do is to telnet into the port like this:
telnet xxx.xxx.xxx.xxx 110

If you see something like the following, then you are okay:
+OK POP3 killer-webs.com v2000.70rh server ready

Assuming that "killer-webs.com" would be your server.

Also, you can use the online tools at hexillion.com to aid
your troubleshooting.  Check out the online email dossier.

Bob

----- Original Message -----
From: "Stan Tigrett" <stigrett at killer-webs.com>
To: <discuss at ntlug.org>
Sent: Monday, February 04, 2002 11:11 AM
Subject: [NTLUG:Discuss] Redhat 7.2, iptables & qpopper


> I'm having a problem accessing our pop3 mail from outside our firewall, which is running iptables
> (The firewall machine is also handles email for the organization, running sendmail & qpopper).  All
> machines on the internal network can access it fine, but no external access is allowed.  It seems to
> me that the problem is in the iptables setup, but I can't seem to enable it.  Any help is much
> appreciated...
>
> More details:
> $EXTIP = external (routable) ip address of firewall
> $INTIP = internal (non-routable) ip address of firewall
>
> nmap $EXTIP executed from any external address returns:
> (The 1536 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 80/tcp     open        http
> 111/tcp    open        sunrpc
> 1024/tcp   open        kdm
>
> nmap $EXTIP executed from the firewall itself returns:
> (The 1536 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 21/tcp     open        ftp
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 110/tcp    open        pop-3
> 111/tcp    open        sunrpc
> 1024/tcp   open        kdm
>
> Running telnet $EXTIP 110 from an external address returns:
> Connection actively refused.
>
> Running telnet $EXTIP 110 from the firewall returns the standard qpopper banner & welcome message.
>
> Here are my current iptables rules:
> #begin firewall
> modprobe iptable_nat
> /sbin/iptables -F
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.1.100:80
> /sbin/iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.1 -s 192.168.1.0/24 --dport 80 -j SNAT --to 192.168.1.100
> /sbin/iptables -A INPUT -s 0/0 -p tcp --destination-port 110 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
> #end firewall
>
> And iptables -L yields:
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>
> Any ideas?  ssh & smtp both work fine from anywhere.
>
> Thanks -
> Stan
>
>
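Bob's "telnet into port 110" check, automated as an added example that is not part of this thread: it connects to the POP3 port, reads the greeting, and tells a "+OK" banner apart from an active refusal (the host answered with a TCP RST, which is the "actively refused" Stan reports) and a silent timeout (what a DROP rule would typically produce). The example.test banner and the local stand-in listener are constructed so it can run offline.

```python
# Added example (not from the thread): automate Bob's "telnet host 110" check.
# A POP3 listener greets with "+OK" before the client sends anything. "refused"
# means a TCP RST came back (host reachable; a listener or REJECT declined),
# whereas a timeout is the usual symptom of a DROP rule.
import socket
import threading

# Constructed banner, modelled on the qpopper greeting quoted in the thread.
FAKE_BANNER = b"+OK POP3 example.test v2000.70rh server ready\r\n"

def probe_pop3(host, port=110, timeout=5.0):
    """Return (status, detail): status is "banner", "unexpected",
    "refused", "timeout" or "error"."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            line = s.recv(512).split(b"\r\n", 1)[0].decode("ascii", "replace")
    except ConnectionRefusedError:
        return "refused", "connection actively refused (RST received)"
    except socket.timeout:
        return "timeout", "no reply within %.1fs (consistent with DROP)" % timeout
    except OSError as e:
        return "error", str(e)
    if line.startswith("+OK"):
        return "banner", line
    return "unexpected", line

def serve_fake_banner(banner=FAKE_BANNER):
    """Offline stand-in for qpopper on 127.0.0.1; answers one connection.
    Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def handle():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """A local port with no listener, to reproduce the 'refused' case."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    import sys
    print(*probe_pop3(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

Run it from outside the firewall with the external address as the argument; a "refused" result on a host whose INPUT policy is ACCEPT points away from a DROP rule and toward whatever answers (or does not listen) on that port.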