Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Trampas Stern on July 04, 2002, 05:50:57 AM
-
I have an e-smith as server and gateway. I was trying to get the NTP working today and somehow I must have blocked port 110 as that I am unable to send or recieve email from my ISP's POP server. Is their a way to check and see if the port is blocked and how to unblock it?
Thanks
-
Try this, http://www.portdetective.com
I think is good enough to test some ports
probably your isp is blocking e-mail ports to prevent unauth relay
Ale
-
The problem is that my computer on the LAN side of the e-smith is not connecting to the POP server on the WAN side. Therefore e-smith appears to be blocking access from the LAN to the internet on port 110. Port scanning only would check to see what ports are open on the e-smith as looking from the WAN side of things.
Trampas
-
Do an
ipchains -L
Look for a line with '110' or 'pop' under the 'ports' column.
If you didn't actually edit the masq script template, you might try expanding it and doing a masq restart. Otherwise just go back to the template and edit it again.
-
I am new to the linux world and system admin. I did try ipchains -L and got the listing below. It appears that their is a "denylog?" on the pop3. How do I renable it? I have tried rebooting and upgrading to 5.5.
Thanks in advance
Trampas
Chain forward (policy DENY):
target prot opt source destination ports
ACCEPT all ------ 192.168.72.0/24 192.168.72.0/24 n/a
ACCEPT all ------ 192.168.72.0/24 192.168.72.0/24 n/a
denylog tcp ------ 192.168.72.0/24 anywhere any -> pop3
MASQ all ------ 192.168.72.0/24 anywhere n/a
DENY all ------ anywhere anywhere n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
icmpOut icmp ------ anywhere anywhere any -> any
- tcp ------ anywhere anywhere any -> www
- tcp ------ anywhere anywhere any -> ssh
- tcp ------ anywhere anywhere any -> teln
et
- tcp ------ anywhere anywhere any -> ftp
- tcp ------ anywhere anywhere any -> pop3
- tcp ------ anywhere anywhere any -> smtp
- tcp ------ anywhere anywhere any -> ftp-
-
Post your masq file. Lets have a look. Also, what did you do to try to get ntp working?
Also, try just doing a telnet to your ISP and see what it gives.
telnet yourisp 110
telnet yourisp 25
Can you still browse the web and all? It seems weird that pop and smtp would stop working, but everything else would be ok.
-
I assume as that I have not figured out the ipchains command that you want the ip_masquerade file and the ip_fwchains files?
When I was trying to get the NTP working I was playing with commands ntptime and ntpdate. I also tried several NTP servers on the webadmin. Specifically I assume it was when I did an ntpdate -d ncnoc.ncren.net and ntpdate -u ncnoc.ncren.net. The only other thing I did was try to set the time from the webadmin while I had ntp enabled, even though it said not to.
ip_masquerade:
Prc FromIP FPrt ToIP TPrt Masq Init-seq Delta PDelta Expires (free=40960,
40958,40960)
TCP C0A84814:09CC 40040C46:0747 EE4F 00000000 0 0 1439540
TCP C0A84814:1093 40040CDB:0747 EE4A 00000000 0 0 718015
ip_fwchains:
input 00000000/00000000->00000000/00000000 - 10 0 1 0 82 0
5182 0-65535 0-65535 AFF X00 00000000 0 0 icmpIn
input 00000000/00000000->00000000/00000000 lo 0 0 0 0 1075 0
185721 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 ppp0 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 ppp1 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 ppp2 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 ppp3 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 eth1 0 0 6 0 0 0
0 0-19 0-65535 AFF X00 00000000 0 0 denylog
input 00000000/00000000->00000000/00000000 eth1 0 0 17 0 0 0
0 0-19 0-65535 AFF X00 00000000 0 0 denylog
input 00000000/00000000->00000000/00000000 eth1 0 0 6 0 0 0
0 0-65535 0-19 AFF X00 00000000 0 0 denylog
input 00000000/00000000->00000000/00000000 eth1 0 0 17 0 0 0
0 0-65535 0-19 AFF X00 00000000 0 0 denylog
input E0000000/F0000000->00000000/00000000 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 DENY
input 00000000/00000000->E0000000/F0000000 - 10 0 0 0 198 0
5544 0-65535 0-65535 AFF X00 00000000 0 0 DENY
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 5800-5800 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 5900-5900 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 5901-5901 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->7F000001/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 80-80 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->C0A84801/FFFFFFFF - 10 0 6 0 188 0
21044 0-65535 80-80 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 252 0
16079 0-65535 80-80 AFF X00 00000000 0 0 ACCEPT
input C0A84800/FFFFFF00->00000000/00000000 - 10 0 6 0 1354 0
143799 0-65535 80-80 AFF X00 00000C38 0 0 REDIRECT
input C0A84800/FFFFFF00->00000000/00000000 - 10 0 0 0 10721 0
1423019 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 eth1 2 40 6 0 1869 0
1527149 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 113-113 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 17 0 0 0
0 0-65535 113-113 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 eth1 0 0 17 0 1295 0
444364 0-65535 67-68 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 eth0 0 0 17 0 0 0
0 67-68 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 20-20 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 3 0
168 0-65535 21-21 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 80-80 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 443-443 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 50 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 17 0 0 0
0 500-500 500-500 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 1723-1723 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 47 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 47 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 25-25 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 10 0 6 0 0 0
0 0-65535 22-22 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->42391914/FFFFFFFF - 12 0 6 0 0 0
0 0-65535 3306-3306 AFF X00 00000000 0 0 denylog
input 00000000/00000000->00000000/00000000 eth1 0 0 17 0 0 0
0 0-65535 520-520 AFF X00 00000000 0 0 DENY
input 00000000/00000000->00000000/00000000 eth1 0 0 6 0 0 0
0 0-65535 137-139 AFF X00 00000000 0 0 DENY
input 00000000/00000000->00000000/00000000 eth1 0 0 17 0 0 0
0 0-65535 137-139 AFF X00 00000000 0 0 DENY
input 00000000/00000000->42391914/FFFFFFFF - 12 0 6 0 0 0
0 0-65535 3128-3128 AFF X00 00000000 0 0 denylog
input 00000000/00000000->42391914/FFFFFFFF - 12 0 6 0 0 0
0 20-20 1024-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 - 10 0 6 0 6 0
288 0-65535 1024-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 - 10 0 17 0 365 0
64311 0-65535 1024-65535 AFF X00 00000000 0 0 ACCEPT
input 00000000/00000000->00000000/00000000 - 10 0 0 0 250 0
32815 0-65535 0-65535 AFF X00 00000000 0 0 denylog
forward C0A84800/FFFFFF00->C0A84800/FFFFFF00 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
forward C0A84800/FFFFFF00->C0A84800/FFFFFF00 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
forward C0A84800/FFFFFF00->00000000/00000000 - 10 0 6 0 522 0
25056 0-65535 110-110 AFF X00 00000000 0 0 denylog
forward C0A84800/FFFFFF00->00000000/00000000 - 10 0 0 0 383 0
17313 0-65535 0-65535 AFF X00 00000000 0 0 MASQ
forward 00000000/00000000->00000000/00000000 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 DENY
output 00000000/00000000->00000000/00000000 - 10 0 1 0 72 0
4706 0-65535 0-65535 AFF X00 00000000 0 0 icmpOut
output 00000000/00000000->00000000/00000000 - 10 0 6 0 1443 0
171086 0-65535 80-80 A01 X10 00000000 0 0 -
output 00000000/00000000->00000000/00000000 - 10 0 6 0 0 0
0 0-65535 22-22 A01 X10 00000000 0 0 -
output 00000000/00000000->00000000/00000000 - 10 0 6 0 0 0
0 0-65535 23-23 A01 X10 00000000 0 0 -
output 00000000/00000000->00000000/00000000 - 10 0 6 0 0 0
0 0-65535 21-21 A01 X10 00000000 0 0 -
output 00000000/00000000->00000000/00000000 - 10 0 6 0 6 0
280 0-65535 110-110 A01 X10 00000000 0 0 -
output 00000000/00000000->00000000/00000000 - 10 0 6 0 0 0
0 0-65535 25-25 A01 X10 00000000 0 0 -
output 00000000/00000000->00000000/00000000 - 10 0 6 0 0 0
0 0-65535 20-20 A01 X08 00000000 0 0 -
output 00000000/00000000->00000000/00000000 lo 0 0 0 0 1075 0
185721 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
output 00000000/00000000->00000000/00000000 ppp0 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
output 00000000/00000000->00000000/00000000 ppp1 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
output 00000000/00000000->00000000/00000000 ppp2 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
output 00000000/00000000->00000000/00000000 ppp3 0 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
output E0000000/F0000000->00000000/00000000 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 DENY
output 00000000/00000000->E0000000/F0000000 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 DENY
output C0A84800/FFFFFF00->00000000/00000000 - 10 0 1 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
output 00000000/00000000->C0A84800/FFFFFF00 - 10 0 0 0 11025 0
2954491 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
output 42391914/FFFFFFFF->00000000/00000000 - 12 40 6 0 0 0
0 20-20 0-65535 AFF X00 00000000 0 0 ACCEPT
output 42391914/FFFFFFFF->00000000/00000000 - 12 40 6 0 23 0
1625 21-21 0-65535 AFF X00 00000000 0 0 ACCEPT
output 42391914/FFFFFFFF->00000000/00000000 - 12 40 6 0 202 0
27823 80-80 0-65535 AFF X00 00000000 0 0 ACCEPT
output 42391914/FFFFFFFF->00000000/00000000 - 12 40 6 0 0 0
0 443-443 0-65535 AFF X00 00000000 0 0 ACCEPT
output 42391914/FFFFFFFF->00000000/00000000 - 12 40 6 0 0 0
0 25-25 0-65535 AFF X00 00000000 0 0 ACCEPT
output 42391914/FFFFFFFF->00000000/00000000 - 12 40 6 0 0 0
0 22-22 0-65535 AFF X00 00000000 0 0 ACCEPT
output 00000000/00000000->00000000/00000000 - 10 0 0 0 2225 0
215120 0-65535 0-65535 AFF X00 00000000 0 0 ACCEPT
denylog 00000000/00000000->00000000/00000000 - 10 0 0 0 772 0
57871 0-65535 0-65535 AFF X00 00000000 0 0 DENY
icmpIn 00000000/00000000->00000000/00000000 - 10 0 1 0 5 0
140 0-0 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpIn 00000000/00000000->00000000/00000000 - 10 0 1 0 21 0
1262 3-3 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpIn 00000000/00000000->00000000/00000000 - 10 0 1 0 0 0
0 4-4 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpIn 00000000/00000000->00000000/00000000 - 10 0 1 0 0 0
0 11-11 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpIn 00000000/00000000->00000000/00000000 - 10 0 1 0 0 0
0 12-12 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpIn 00000000/00000000->00000000/00000000 - 10 0 1 0 56 0
3780 8-8 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpIn 00000000/00000000->00000000/00000000 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 denylog
icmpOut 00000000/00000000->00000000/00000000 - 10 0 1 0 13 0
364 8-8 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpOut 00000000/00000000->00000000/00000000 - 10 0 1 0 56 0
3780 0-0 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpOut 00000000/00000000->00000000/00000000 - 10 0 1 0 3 0
562 3-3 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpOut 00000000/00000000->00000000/00000000 - 10 0 1 0 0 0
0 4-4 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpOut 00000000/00000000->00000000/00000000 - 10 0 1 0 0 0
0 11-11 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpOut 00000000/00000000->00000000/00000000 - 10 0 1 0 0 0
0 12-12 0-65535 AFF X00 00000000 0 0 ACCEPT
icmpOut 00000000/00000000->00000000/00000000 - 10 0 0 0 0 0
0 0-65535 0-65535 AFF X00 00000000 0 0 denylog
-
I finally got it working by typing:
ipchains -D forward -p tcp -s 192.168.72.0/24 -d 0/0 110 -j denylog
I am still wondering how this got into the ipchains and how to prevent it from happening again.
-
Actually I meant your /etc/init.d/masq file.
That is the file that runs all the ipchain rules for you. You might want to check and make sure there isn't an entry in there blocking 110, or else next time you restart it will be back.
You also said you could'nt send before, are you able to now? If not there may be a rule blocking port 25 as well.
If nothing edited you templates (/etc/e-smith/templates/etc/init.d/masq/) then restarting or expanding the template really should have fixed the problem. Seems kinda strange.
O well, if its working, its working.
-
I did not find the reference to closing that port in the masqurade file. I even did a reboot and the port blocking did not return. I was wondering if it may have been caused by issuing the ntpdate with the -d option?
Thanks for the help
Trampas
-
Chris, I forgot to mention that I did not "expand" the templates as I have no idea how to do that. I was under the assumption that this happend automatically when the system was rebooted. However this may not be the case.
Trampas
-
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
- will do the expansion.
Note that the proper place for expanding masq is not under /etc/init.d as that's just a symlink.
Craig F.