On Thu, Aug 14, 2003 at 10:04:56AM -0700, Daniel L. Miller wrote:
> This is really getting frustrating - mainly because I don't really
> understand what I'm doing. Using a port scanner from an external
> webserver, it shows that ports 25, 80, and 10025 are all closed.
>
> What am I missing?
>
> Here's the iptables dump from both my firewall and my internal server.
>
> *** FIREWALL IPTABLES ***
>
>
> iptables -n -v -L
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      eth0    67.106.235.126       192.168.69.0/24

I _think_ the above rule is not necessary and maybe not valid. This is
your internet IP address, is it not? I believe your intent here is to
ACCEPT and pass email and http? I _believe_ you need to change the
source to 0.0.0.0/0 - well, really - probably replace this line
altogether and substitute lines with source 0.0.0.0/0 and dports 25
and 80. The source for a packet would be wherever it originated, and
not your email address.

From what I can gather, eth0 is your internal machine and eth1 is your
outside connection.

>   900  154K ACCEPT     all  --  *      eth0    192.168.69.0/24      192.168.69.0/24
>     0     0 drop-and-log-it  all  --  *      eth1    0.0.0.0/0            192.168.69.0/24
>     6   504 ACCEPT     all  --  *      eth1    67.106.235.126       0.0.0.0/0
>     0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0
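An added example, not part of the original thread: a small first-match evaluator over the OUTPUT rows quoted above, showing which rule a packet with a given out interface, source and destination lands on. The test addresses 192.168.69.1, 192.168.69.10, 203.0.113.5 and 198.51.100.7 are constructed, and `drop-and-log-it` is assumed to be a terminating user chain.

```python
import ipaddress

# Rule rows copied from the OUTPUT chain quoted in the message above
# (columns: pkts bytes target prot opt in out source destination).
LISTING = """\
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eth0 67.106.235.126 192.168.69.0/24
900 154K ACCEPT all -- * eth0 192.168.69.0/24 192.168.69.0/24
0 0 drop-and-log-it all -- * eth1 0.0.0.0/0 192.168.69.0/24
6 504 ACCEPT all -- * eth1 67.106.235.126 0.0.0.0/0
0 0 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse_rules(listing):
    """Turn each listing row into a dict of the fields used for matching."""
    rules = []
    for num, row in enumerate(listing.splitlines(), start=1):
        pkts, _bytes, target, _prot, _opt, _in, out, src, dst = row.split()
        rules.append({
            "num": num, "pkts": pkts, "target": target, "out": out,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
        })
    return rules

def first_match(rules, out_if, src, dst):
    """Return the first rule whose out interface, source and destination match.

    iptables walks a chain top to bottom and stops at the first matching rule
    with a terminating target. Only the three fields shown in the listing are
    modelled; drop-and-log-it is assumed to end in a DROP.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["out"] not in ("*", out_if):
            continue
        if src_ip in rule["src"] and dst_ip in rule["dst"]:
            return rule
    return None  # nothing matched: the chain policy (DROP here) applies

RULES = parse_rules(LISTING)

if __name__ == "__main__":
    # Constructed sample packets: (out interface, source, destination).
    samples = [("eth0", "67.106.235.126", "192.168.69.10"),
               ("eth0", "192.168.69.1", "192.168.69.10"),
               ("eth0", "203.0.113.5", "192.168.69.10"),
               ("eth1", "67.106.235.126", "198.51.100.7")]
    for out_if, src, dst in samples:
        r = first_match(RULES, out_if, src, dst)
        print(f"{src} -> {dst} via {out_if}: rule {r['num']} {r['target']} (pkts={r['pkts']})")
```

The rule with source 67.106.235.126 only matches packets carrying exactly that source address; any other source leaving eth0 for the LAN either hits the 192.168.69.0/24 rule or falls through to the final `drop-and-log-it`.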