The Community Forums


Shorewall+SMTP+IP+WHM news problems...

Discussion in 'E-mail Discussions' started by x-man, Aug 11, 2004.

  1. x-man

    x-man Well-Known Member

    Hi,
    I installed the Shorewall firewall on my server and since then I have a big problem with SMTP: I can send messages with Outlook to the server, but those messages don't go out from the server (currently I have over 800 messages in the mail queue).
    My server runs WHM/cPanel and Exim.

    When I click on "Delivery Now" for some message in WHM I get this error:
    Message 1BtoLi-00033G-RN is not frozen
    LOG: MAIN
    == test@hotmail.com R=lookuphost defer (-1): host lookup did not complete


    or connection refused...

    Yes, I set port 25 for SMTP in Shorewall!

    Also, WHM now can't get news from the cPanel server!
    Also, I now can't resolve IP addresses with PHP scripts; I can't get the host name, only numbers...

    POP3 works fine...

    In shorewall.conf I have:
    IP_FORWARDING=Off
    ROUTE_FILTER=Yes

    In "/etc/shorewall/interfaces":
    net eth0 detect norfc1918,nobogons,blacklist,nosmurfs

    In "/etc/shorewall/rules":
    ACCEPT net fw icmp 8
    ACCEPT net fw tcp 20
    ACCEPT net fw tcp 21
    ACCEPT net fw tcp 22
    ACCEPT net fw tcp 25
    ACCEPT net fw tcp 53
    ACCEPT net fw udp 53
    ACCEPT net fw tcp 80
    ACCEPT net fw tcp 110
    ACCEPT net fw tcp 143
    ACCEPT net fw tcp 443
    ACCEPT net fw tcp 465
    ACCEPT net fw tcp 993
    ACCEPT net fw tcp 995
    ACCEPT net fw tcp 2082
    ACCEPT net fw tcp 2083
    ACCEPT net fw tcp 2086
    ACCEPT net fw tcp 2087
    ACCEPT net fw tcp 2095
    ACCEPT net fw tcp 2096
    ACCEPT dmz fw tcp smtp
    ACCEPT dmz fw tcp domain

    Here is what I get when I restart Shorewall:

    Loading /usr/share/shorewall/functions...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Restarting Shorewall...
    Initializing...
    Shorewall has detected the following iptables/netfilter capabilities:
    NAT: Available
    Packet Mangling: Available
    Multi-port Match: Available
    Connection Tracking Match: Available
    Determining Zones...
    Zones: net loc dmz
    Validating interfaces file...
    Validating hosts file...
    Validating Policy file...
    Determining Hosts in Zones...
    Net Zone: eth0:0.0.0.0/0
    Warning: Zone loc is empty
    Warning: Zone dmz is empty
    Processing /etc/shorewall/init ...
    Deleting user chains...
    Setting up Accounting...
    Creating Interface Chains...
    Configuring Proxy ARP
    Setting up NAT...
    Setting up NETMAP...
    Adding Common Rules
    Processing /etc/shorewall/initdone ...
    Setting up Blacklisting...
    Blacklisting enabled on eth0:0.0.0.0/0
    Adding Anti-smurf Rules
    Enabling RFC1918 Filtering
    Enabling Bogon Filtering
    Setting up Kernel Route Filtering...
    IP Forwarding Disabled!
    Processing /etc/shorewall/tunnels...
    Pre-processing Actions...
    Pre-processing /usr/share/shorewall/action.DropSMB...
    Pre-processing /usr/share/shorewall/action.RejectSMB...
    Pre-processing /usr/share/shorewall/action.DropUPnP...
    Pre-processing /usr/share/shorewall/action.RejectAuth...
    Pre-processing /usr/share/shorewall/action.DropPing...
    Pre-processing /usr/share/shorewall/action.DropDNSrep...
    Pre-processing /usr/share/shorewall/action.AllowPing...
    Pre-processing /usr/share/shorewall/action.AllowFTP...
    Pre-processing /usr/share/shorewall/action.AllowDNS...
    Pre-processing /usr/share/shorewall/action.AllowSSH...
    Pre-processing /usr/share/shorewall/action.AllowWeb...
    Pre-processing /usr/share/shorewall/action.AllowSMB...
    Pre-processing /usr/share/shorewall/action.AllowAuth...
    Pre-processing /usr/share/shorewall/action.AllowSMTP...
    Pre-processing /usr/share/shorewall/action.AllowPOP3...
    Pre-processing /usr/share/shorewall/action.AllowIMAP...
    Pre-processing /usr/share/shorewall/action.AllowTelnet...
    Pre-processing /usr/share/shorewall/action.AllowVNC...
    Pre-processing /usr/share/shorewall/action.AllowVNCL...
    Pre-processing /usr/share/shorewall/action.AllowNTP...
    Pre-processing /usr/share/shorewall/action.AllowRdate...
    Pre-processing /usr/share/shorewall/action.AllowNNTP...
    Pre-processing /usr/share/shorewall/action.AllowTrcrt...
    Pre-processing /usr/share/shorewall/action.AllowSNMP...
    Pre-processing /usr/share/shorewall/action.AllowPCA...
    Pre-processing /usr/share/shorewall/action.Drop...
    Pre-processing /usr/share/shorewall/action.Reject...
    Processing /etc/shorewall/rules...
    Rule "ACCEPT net fw icmp 8" added.
    Rule "ACCEPT net fw tcp 20" added.
    Rule "ACCEPT net fw tcp 21" added.
    Rule "ACCEPT net fw tcp 22" added.
    Rule "ACCEPT net fw tcp 25" added.
    Rule "ACCEPT net fw tcp 53" added.
    Rule "ACCEPT net fw udp 53" added.
    Rule "ACCEPT net fw tcp 80" added.
    Rule "ACCEPT net fw tcp 110" added.
    Rule "ACCEPT net fw tcp 143" added.
    Rule "ACCEPT net fw tcp 443" added.
    Rule "ACCEPT net fw tcp 465" added.
    Rule "ACCEPT net fw tcp 993" added.
    Rule "ACCEPT net fw tcp 995" added.
    Rule "ACCEPT net fw tcp 2082" added.
    Rule "ACCEPT net fw tcp 2083" added.
    Rule "ACCEPT net fw tcp 2086" added.
    Rule "ACCEPT net fw tcp 2087" added.
    Rule "ACCEPT net fw tcp 2095" added.
    Rule "ACCEPT net fw tcp 2096" added.
    Rule "ACCEPT dmz fw tcp smtp" added.
    Rule "ACCEPT dmz fw tcp domain" added.
    Rule "ACCEPT net fw tcp 26" added.
    Processing Actions...
    Processing /usr/share/shorewall/action.Drop...
    Rule "RejectAuth" added.
    Rule "dropBcast" added.
    Rule "dropInvalid" added.
    Rule "DropSMB" added.
    Rule "DropUPnP" added.
    Rule "dropNotSyn" added.
    Rule "DropDNSrep" added.
    Processing /usr/share/shorewall/action.Reject...
    Rule "RejectAuth" added.
    Rule "dropBcast" added.
    Rule "dropInvalid" added.
    Rule "RejectSMB" added.
    Rule "DropUPnP" added.
    Rule "dropNotSyn" added.
    Rule "DropDNSrep" added.
    Processing /usr/share/shorewall/action.RejectAuth...
    Rule "REJECT - - tcp 113" added.
    Processing /usr/share/shorewall/action.DropSMB...
    Rule "DROP - - udp 135" added.
    Rule "DROP - - udp 137:139" added.
    Rule "DROP - - udp 445" added.
    Rule "DROP - - tcp 135" added.
    Rule "DROP - - tcp 139" added.
    Rule "DROP - - tcp 445" added.
    Processing /usr/share/shorewall/action.DropUPnP...
    Rule "DROP - - udp 1900" added.
    Processing /usr/share/shorewall/action.DropDNSrep...
    Rule "DROP - - udp - 53" added.
    Processing /usr/share/shorewall/action.RejectSMB...
    Rule "REJECT - - udp 135" added.
    Rule "REJECT - - udp 137:139" added.
    Rule "REJECT - - udp 445" added.
    Rule "REJECT - - tcp 135" added.
    Rule "REJECT - - tcp 139" added.
    Rule "REJECT - - tcp 445" added.
    Processing /etc/shorewall/policy...
    Policy DROP for net to fw using chain net2all
    Policy ACCEPT for loc to net using chain loc2net
    Policy REJECT for dmz to fw using chain all2all
    Masqueraded Networks and Hosts:
    Processing /etc/shorewall/tos...
    Rule "all all tcp - ssh 16" added.
    Rule "all all tcp ssh - 16" added.
    Rule "all all tcp - ftp 16" added.
    Rule "all all tcp ftp - 16" added.
    Rule "all all tcp ftp-data - 8" added.
    Rule "all all tcp - ftp-data 8" added.
    Processing /etc/shorewall/ecn...
    Activating Rules...
    Processing /etc/shorewall/start ...
    Shorewall Restarted

    Where is the problem?

    Thanks

    SORRY FOR MY ENGLISH:(
     
    #1 x-man, Aug 11, 2004
    Last edited: Aug 11, 2004
  2. aussiejock

    aussiejock Registered

    Tools problem

    Hi, you will find that there will be a few things that will not work, i.e. message programs, email, and Tools > Internet Options in the menu bar. I get the following message and wish that someone knew how to fix it:
    "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." Can anyone give guidance on this problem?

    Aye Yours Jock. Melbourne. Australia :D :eek:
     
  3. x-man

    x-man Well-Known Member

    All problems FIXED!!
    I only added a few lines in /etc/shorewall/rules!

    Does WHM/cPanel use port 873 (rsync) for something?

    Thanks
     
  4. adidasrta

    adidasrta Member

    I am having the exact problem you are having, but I don't see how you fixed the issue.
     
  5. x-man

    x-man Well-Known Member

    What is your problem?
    SMTP only or...?
     
  6. adidasrta

    adidasrta Member

    Yes, my e-mails are not being sent out.
     
  7. x-man

    x-man Well-Known Member

    In the file "rules" (on my server: /etc/shorewall/rules) you only need these two lines for port 25, that is all (you must restart Shorewall):

    ACCEPT net fw tcp 25
    ACCEPT fw net tcp 25
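
Why the second line matters, as an added example that is not part of x-man's post: Shorewall checks the rules file first and falls back to the first matching policy, so traffic originating from the firewall zone (`fw`) needs its own `fw net` rules. The policy text below is an assumption reconstructed from the chain names in the restart log (`loc2net`, `net2all`, `all2all`), and `verdict` and `audit` are hypothetical helper names.

```python
# Added example: resolve what Shorewall does with a NEW connection.
# Rules are checked first; if none match, the first matching policy applies.

# Assumed policy file, reconstructed from the chain names in the restart log
# (loc2net, net2all, all2all); the thread does not show the file itself.
POLICY = """
loc net ACCEPT
net all DROP
all all REJECT
"""

# Subset of the rules from the first post (all of them are inbound, net -> fw).
RULES_BEFORE = """
ACCEPT net fw tcp 25
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT net fw tcp 80
"""

# The outbound line from the fix in the post above.
RULES_AFTER = RULES_BEFORE + "ACCEPT fw net tcp 25\n"

SERVICES = {"smtp": "25", "domain": "53", "rsync": "873"}  # names seen in the thread


def parse(text):
    """Split a Shorewall-style file into columns, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    return [l.split() for l in lines if l and not l.startswith("#")]


def verdict(rules, policy, src, dst, proto, port):
    """Return (action, reason) for a new connection src -> dst on proto/port."""
    port = SERVICES.get(str(port), str(port))
    for action, r_src, r_dst, r_proto, r_port in parse(rules):
        if (r_src, r_dst, r_proto) == (src, dst, proto) and SERVICES.get(r_port, r_port) == port:
            return action, "rule"
    for p_src, p_dst, action in parse(policy):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, f"policy {p_src}->{p_dst}"
    return "REJECT", "no policy matched"  # fallback chosen for this sketch


def audit(rules):
    """Evaluate the outbound flows behind the symptoms: SMTP, DNS, rsync."""
    flows = [("fw", "net", "tcp", 25), ("fw", "net", "udp", 53), ("fw", "net", "tcp", 873)]
    return {flow: verdict(rules, POLICY, *flow)[0] for flow in flows}


if __name__ == "__main__":
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        for flow, action in audit(rules).items():
            print(label, flow, action)
```

Under the assumed policy, the port 25 line alone leaves outbound DNS (udp 53) and rsync (tcp 873) on the `all all` policy, so each outbound service the server relies on needs its own `fw net` rule.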
     
  8. adidasrta

    adidasrta Member

    Then what about all the other rules?
     