Koozali.org: home of the SME Server
Topic started by: SteveW on April 17, 2004, 06:30:07 PM
-
Hello community,
I'm no longer able to log into remote POP servers from my LAN.
I'm not exactly sure how this happened, or what I did if anything. It seemed that shortly after I installed QOS-CBQ bandwidth throttling this problem began. I subsequently removed the package but found it had no effect.
I don't really understand exactly how IPTABLES works, but thought there would be some clues there. Here are a couple of lines that I believe are the problem:
denylog tcp -- anywhere anywhere tcp dpt:pop3
denylog tcp -- anywhere anywhere tcp dpt:pop3s
Can you please tell me whether this is the problem, and if so what to type to fix it, or if you have any other suggestions I'd be very pleased to hear it. Running 6.0final
-
Steve
-
The template fragments that control IPTables are located at /etc/e-smith/templates/etc/rc.d/init.d/masq/. You might want to check in /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/ to see if there are any leftover custom fragments that could be causing your problem.
If there are, you should be able to just delete them, expand the template and restart masq.
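To narrow down the situation in this thread, the following added example (not part of either post, and not SME Server's own code) reports which chain each denylog rule on the POP3 ports sits in and lists custom fragments that mention POP3. The function names and the sample listing are constructed for illustration; the directory is the custom-template path from the reply, read as /etc/e-smith/....

```shell
#!/bin/sh
# Custom fragment directory from the reply above (assumed to be under /etc).
CUSTOM_DIR="${CUSTOM_DIR:-/etc/e-smith/templates-custom/etc/rc.d/init.d/masq}"

# Read `iptables -L` output on stdin; print "chain target port" for every
# rule whose destination port is POP3/POP3S (names, or numbers with -n).
pop_rules() {
    awk '
        BEGIN { chain = "-" }
        $1 == "Chain" { chain = $2; next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dpt:(pop3|pop3s|110|995)$/)
                    print chain, $1, substr($i, 5)
        }'
}

# Keep only rules that jump to denylog; print "chain:port". Knowing the
# chain tells you which traffic path the rule applies to.
blocked_pop_ports() {
    pop_rules | awk '$2 == "denylog" { print $1 ":" $3 }'
}

# List custom fragments mentioning POP3: candidates to review before deleting.
custom_pop_fragments() {
    [ -d "$1" ] || return 0
    grep -rliE -e 'pop3|dport[ =]+(110|995)' "$1" || true
}

# Run on the live system (needs root); not invoked automatically.
diagnose() {
    /sbin/iptables -L | blocked_pop_ports
    custom_pop_fragments "$CUSTOM_DIR"
}

# Constructed sample in the format quoted in the first post.
SAMPLE='Chain INPUT (policy DROP)
target     prot opt source     destination
ACCEPT     tcp  --  anywhere   anywhere   tcp dpt:ssh
denylog    tcp  --  anywhere   anywhere   tcp dpt:pop3
denylog    tcp  --  anywhere   anywhere   tcp dpt:pop3s
Chain FORWARD (policy DROP)
target     prot opt source     destination
ACCEPT     tcp  --  anywhere   anywhere   tcp dpt:pop3'

printf '%s\n' "$SAMPLE" | blocked_pop_ports
```

Call `diagnose` as root on the server to run the same checks against the live rule set.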
-
Hello,
Where should the iptables configuration rules given here be placed: http://antolien.nerim.net/ipcop/antispoof.htm ?
# Antispoofing
/sbin/iptables -t nat -I PREROUTING -i $RED_DEV -s 10.0.0.0/8 -j DROP
/sbin/iptables -t nat -I PREROUTING -i $RED_DEV -s 172.16.0.0/12 -j DROP
/sbin/iptables -t nat -I PREROUTING -i $RED_DEV -s 192.168.0.0/16 -j DROP
/sbin/iptables -t nat -I PREROUTING -i $RED_DEV -s 127.0.0.0/8 -j DROP
/sbin/iptables -t nat -I PREROUTING -i $RED_DEV -s 169.254.0.0/16 -j DROP
Do you have any feedback from experience with these changes? (When it comes to security, I prefer to be careful.)