Zenny
2017-02-15 09:05:30 UTC
Hi,
I have shorewall 4.6 with the rules in which I have DNATted required
ports ( (including smtp and postfix+dovecot related ports forwareded
viz. 25, 465, 587, 993, and 995) to an internal server (a lxc VM).
However, on the machine that I run Shorewall, it says only port 25 is
open, but not others (465,587, 993 and 995). That might be the reason
the outgoing mail works, but incoming does not.
# telnet <pulicIPofShorewallServer> 25
Trying<pulicIPofShorewallServer> ...
Connected to <pulicIPofShorewallServer> .
Escape character is '^]'.
220 server2.domain.tld ESMTP Postfix (Debian/GNU)
For other ports, it cannot connect:
telnet: Unable to connect to remote host: Connection refused
Did I miss something to make changes in shorewall config files to open
those ports in the server running shorewall?
Any input appreciated.
--
Cheers,
/z
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: http://openpgpjs.org
xsBNBFcTxwEBCAC+G0MG+BHNGs8orGRobPV6jd+8RtT4XhXXEnuEjLA5uHz8
1OulvUS/qiq58Jo/KEnTn19rtyNiN7GmrLvo14Q0+mpFQEfrnzj2NCr1bf8w
l5r+CrIIb+xFEqf5dIHf3w1NNXgHwl6Z3QBflZsqaPHa8y5dhAqVlr1NS7EL
VgCifutAppl2Fcl05p4F5pQLKHMYCO+5gPMnMfnOOe4BTch0VOg8N4qkv0Px
JtSHjHucpivf4eJwznejYwDt/AtdyaB7LUC9N6yuLN+QYuB/mIo0YVU2wcgP
iwr8ITfDUz5Nx0MUm9hmTbOyj6ixNOVuYMmOvevCzzU0ULEkr99EMoAJABEB
AAHNHFplbm55IDxnYXJieXRyYXNoQGdtYWlsLmNvbT7CwHIEEAEIACYFAlcT
xwEGCwkIBwMCCRABOcPTK6+XKwQVCAIKAxYCAQIbAwIeAQAAD5gH/21f5PLm
ytP4rd9HLGKHTMQola/VKMoCMlA7zb1LLJKTCJayZmIproblTyWO8iSSkkaA
89gIifuCTvMJ8vh4WLTUfO0gr+41uZhLScYqAOoqgctCPsyrHxV4QBYAzGf7
1LAEymtYBSiKHhks4Jff190Czrfupz7AAuLxepS1/RIZbdmeYO2g8FWf4sIR
ZFKehNMSWlspxYGxXdAmGLX+xtHD+LNHqqnERsuatynR9oJ3G8WauD4CiNgW
IRyfxf2xZVj7J+bGzg7dl7IJNmp0UDTLqqsF2TFpURyfIAAAhb3WkQAaV5n1
osMST1BbCnWdGo5bjpReuBl3lQ5bIn3Gc3HOwE0EVxPHAQEIAL2Pq+od71kT
/lRMt+XDryOc1XTT5DJW7BUMXOjXXOZfWsuGTrqU3O1XYPWYzoZy9L+6zpII
On/auicvkUblWvrXkt4CIVIU1qDk6KpDKVKBiINy5sk7cTyjumbqxPmnVBK2
DHN27rLOnReCnFUmgIgbfgK0/un0oEnAHvsYdeg1ydipd2vVzx3aJ1TfQS1W
IBWN125EO4nKQ5Kl1XV7nWvlv+ZvrOmOWVeSl9jpyZvLJDmks0E/AIF4QBJF
K+NTME8+x7CwFDQwLGENXojeZOfsNHbln91KE1ZU1/QvzLHVqdZOo/s20Y7V
tjdUsiUPpVQcsSpXLzGKPCWz90M3Be8AEQEAAcLAXwQYAQgAEwUCVxPHAgkQ
ATnD0yuvlysCGwwAAL9hCACP7CY1fivXEN4X+l/C56l/nARrNVoZvJr4QHnF
9C/r5m6TLCMov0eOLg8IvZF7M0Ecyvq1IzNqbwQd+8mTA4tn+aND20fk2z08
floFL6fJykIyAGtRMwAb3HdC1pqexk/0pYxhoy9GtQzqvK/NbcPPdBDd1N7M
pKdXDVhXhx0R1K6UlMYfnyc9o171UYRPlFrmdBV7ZLC4KeBKqFEESKXaxyRg
D7E1FXGl1pDMh2QJNM/n9gVLJb0+znBsPG4jUNOctAOhRwF9Z23qsU6AGpOu
QhWG1alJz6d1T4sTgPdh+K1nMWNKGUzzayAKrRPTbnwLEijqqJPpIIDVzoai
py73
=JPvb
-----END PGP PUBLIC KEY BLOCK-----
I have shorewall 4.6 with the rules in which I have DNATted required
ports ( (including smtp and postfix+dovecot related ports forwareded
viz. 25, 465, 587, 993, and 995) to an internal server (a lxc VM).
However, on the machine that I run Shorewall, it says only port 25 is
open, but not others (465,587, 993 and 995). That might be the reason
the outgoing mail works, but incoming does not.
# telnet <pulicIPofShorewallServer> 25
Trying<pulicIPofShorewallServer> ...
Connected to <pulicIPofShorewallServer> .
Escape character is '^]'.
220 server2.domain.tld ESMTP Postfix (Debian/GNU)
For other ports, it cannot connect:
telnet: Unable to connect to remote host: Connection refused
Did I miss something to make changes in shorewall config files to open
those ports in the server running shorewall?
Any input appreciated.
--
Cheers,
/z
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: http://openpgpjs.org
xsBNBFcTxwEBCAC+G0MG+BHNGs8orGRobPV6jd+8RtT4XhXXEnuEjLA5uHz8
1OulvUS/qiq58Jo/KEnTn19rtyNiN7GmrLvo14Q0+mpFQEfrnzj2NCr1bf8w
l5r+CrIIb+xFEqf5dIHf3w1NNXgHwl6Z3QBflZsqaPHa8y5dhAqVlr1NS7EL
VgCifutAppl2Fcl05p4F5pQLKHMYCO+5gPMnMfnOOe4BTch0VOg8N4qkv0Px
JtSHjHucpivf4eJwznejYwDt/AtdyaB7LUC9N6yuLN+QYuB/mIo0YVU2wcgP
iwr8ITfDUz5Nx0MUm9hmTbOyj6ixNOVuYMmOvevCzzU0ULEkr99EMoAJABEB
AAHNHFplbm55IDxnYXJieXRyYXNoQGdtYWlsLmNvbT7CwHIEEAEIACYFAlcT
xwEGCwkIBwMCCRABOcPTK6+XKwQVCAIKAxYCAQIbAwIeAQAAD5gH/21f5PLm
ytP4rd9HLGKHTMQola/VKMoCMlA7zb1LLJKTCJayZmIproblTyWO8iSSkkaA
89gIifuCTvMJ8vh4WLTUfO0gr+41uZhLScYqAOoqgctCPsyrHxV4QBYAzGf7
1LAEymtYBSiKHhks4Jff190Czrfupz7AAuLxepS1/RIZbdmeYO2g8FWf4sIR
ZFKehNMSWlspxYGxXdAmGLX+xtHD+LNHqqnERsuatynR9oJ3G8WauD4CiNgW
IRyfxf2xZVj7J+bGzg7dl7IJNmp0UDTLqqsF2TFpURyfIAAAhb3WkQAaV5n1
osMST1BbCnWdGo5bjpReuBl3lQ5bIn3Gc3HOwE0EVxPHAQEIAL2Pq+od71kT
/lRMt+XDryOc1XTT5DJW7BUMXOjXXOZfWsuGTrqU3O1XYPWYzoZy9L+6zpII
On/auicvkUblWvrXkt4CIVIU1qDk6KpDKVKBiINy5sk7cTyjumbqxPmnVBK2
DHN27rLOnReCnFUmgIgbfgK0/un0oEnAHvsYdeg1ydipd2vVzx3aJ1TfQS1W
IBWN125EO4nKQ5Kl1XV7nWvlv+ZvrOmOWVeSl9jpyZvLJDmks0E/AIF4QBJF
K+NTME8+x7CwFDQwLGENXojeZOfsNHbln91KE1ZU1/QvzLHVqdZOo/s20Y7V
tjdUsiUPpVQcsSpXLzGKPCWz90M3Be8AEQEAAcLAXwQYAQgAEwUCVxPHAgkQ
ATnD0yuvlysCGwwAAL9hCACP7CY1fivXEN4X+l/C56l/nARrNVoZvJr4QHnF
9C/r5m6TLCMov0eOLg8IvZF7M0Ecyvq1IzNqbwQd+8mTA4tn+aND20fk2z08
floFL6fJykIyAGtRMwAb3HdC1pqexk/0pYxhoy9GtQzqvK/NbcPPdBDd1N7M
pKdXDVhXhx0R1K6UlMYfnyc9o171UYRPlFrmdBV7ZLC4KeBKqFEESKXaxyRg
D7E1FXGl1pDMh2QJNM/n9gVLJb0+znBsPG4jUNOctAOhRwF9Z23qsU6AGpOu
QhWG1alJz6d1T4sTgPdh+K1nMWNKGUzzayAKrRPTbnwLEijqqJPpIIDVzoai
py73
=JPvb
-----END PGP PUBLIC KEY BLOCK-----