urgent!! iptables problem. always not saved when restarted.

Discussion in 'General Discussion' started by jacksony, Jan 16, 2006.

  1. jacksony

    jacksony Well-Known Member
    PartnerNOC

    Joined:
    Nov 30, 2005
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Hi, I experience this problem.

    Every time I try to send a mail through SMTP, I get the "Connection refused" error below for whatever emails I try to send out. As a result all mails are stuck in the "Mail queue", and these mails always give the error "Connection refused" when I try to deliver them.

    "Message 1ExSdM-00015k-OU is not frozen
    delivering 1ExSdM-00015k-OU
    Connecting to gmail-smtp-in.l.google.com [72.14.205.27]:25 ... failed: Connection refused
    LOG: MAIN
    gmail-smtp-in.l.google.com [72.14.205.27]: Connection refused
    Connecting to gsmtp83.google.com [66.249.83.27]:25 ... failed: Connection refused
    LOG: MAIN
    gsmtp83.google.com [66.249.83.27]: Connection refused
    Connecting to gsmtp185-2.google.com [64.233.185.114]:25 ... failed: Connection refused
    LOG: MAIN
    gsmtp185-2.google.com [64.233.185.114]: Connection refused
    Connecting to gsmtp185.google.com [64.233.185.27]:25 ... failed: Connection refused
    LOG: MAIN
    gsmtp185.google.com [64.233.185.27]: Connection refused
    Connecting to gsmtp163.google.com [64.233.163.27]:25 ... failed: Connection refused
    LOG: MAIN
    gsmtp163.google.com [64.233.163.27]: Connection refused
    LOG: MAIN
    == jacksony@gmail.com R=lookuphost T=remote_smtp defer (111): Connection refused
    Return to Mail Queue"

    I found out the root of the problem is with IPTABLES as it disables outgoing connections for smtp.

    The Outgoing for IPTABLES --list shows this:
    "Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT tcp -- anywhere localhost tcp dpt:smtp
    REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
    acctboth all -- anywhere anywhere"

    I did some massive request for help and found the problem can be solved when I enter "iptables -F OUTPUT". I tried saving the new iptables but the iptables keeps returning to the original settings after every reboot.

    I tried saving using iptables-save and also iptables-save>/etc/sysconfig/iptables but when it restarted, I still need to use -F OUTPUT to clear the settings that are blocking my outgoing emails.

    Therefore the problem is that the "Connection refused" error keeps coming back with every reboot, preventing me from sending outbound mails, and they are only allowed after I run the command.

    The problem is how can I make the changes to OUTPUT in iptables permanent so that with every reboot, the settings will not be affected and mails can be sent out?

    Thank you very much for any help!

    I am using Redhat 9.

    Will appreciate any help to jackson@apc.sg . Thank you!
     
  2. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Look in the start script for iptables (/etc/init.d/iptables).
    In there it will tell you what file it's using for the rules on boot.

    OR

    just stop iptables starting at boot.
    chkconfig --list (see if iptables is ON there)
    chkconfig --level 123456 iptables off (stops iptables starting at boot)

    Once that's done, google iptables and find some good sites that show you how to use the firewall properly.
     
  3. jacksony

    Thank you for your reply. It shows this:

    "#!/bin/sh
    #
    # iptables Start iptables firewall
    #
    # chkconfig: 2345 08 92
    # description: Starts, stops and saves iptables firewall
    #
    # config: /etc/sysconfig/iptables
    # config: /etc/sysconfig/iptables-config

    # Source function library.
    . /etc/init.d/functions

    IPTABLES=iptables
    IPTABLES_DATA=/etc/sysconfig/$IPTABLES
    IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
    IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
    PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
    VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES"

    From what I see, iptables is saved in /etc/sysconfig/iptables and I have saved the "flushed" iptables to it already, but it seems to be still loading with some filters for OUTPUT in iptables when the server is restarted. What could be wrong? :(
     
  4. jacksony

    I ran that check and it shows:
    iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off

    Does it mean it is off or on? Thank you!
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You're seeing that because you've enabled WHM > Tweak Security > SMTP Tweak which does exactly what you're seeing. It blocks outgoing mail on port 25 from all except the mailnull and root users. It does that by using iptables rules. Disable that tweak and it'll go away.
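
Added example (not part of any post in this thread, and not cPanel's code): a shell check for the situation described here, where rules flushed and saved to /etc/sysconfig/iptables reappear after a reboot because something other than the saved file adds them. The rule text is constructed to mirror the OUTPUT listing in the first post; the function and file names are hypothetical, and the dumps are assumed to cover the filter table only.

```shell
#!/bin/sh
# Compare the live ruleset with the file the init script restores at boot.
# Assumes filter-table dumps in iptables-save format.

# Keep only "-A" rule lines, dropping any "[packets:bytes]" counter prefix.
normalise_rules() {
    sed -n -e 's/^\[[0-9]*:[0-9]*\] *//' -e '/^-A /p' "$1" | LC_ALL=C sort -u
}

# Print rules in the running dump ($1) that are missing from the saved file ($2).
# Any output means something other than the saved file is adding rules.
rules_not_in_saved() {
    run_tmp=$(mktemp) && saved_tmp=$(mktemp) || return 2
    normalise_rules "$1" > "$run_tmp"
    normalise_rules "$2" > "$saved_tmp"
    LC_ALL=C comm -23 "$run_tmp" "$saved_tmp"
    rm -f "$run_tmp" "$saved_tmp"
}

# Of those extra rules, list the ones that act on outbound SMTP (port 25).
extra_smtp_rules() {
    rules_not_in_saved "$1" "$2" | grep -E -- '-A OUTPUT .*--dport 25( |$)' || true
}

# Constructed sample data (not from a real host): the saved file after a flush,
# and a post-reboot dump in which the OUTPUT rules from the listing are back.
make_samples() {
    cat > "$1/saved.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:acctboth - [0:0]
COMMIT
EOF
    cat > "$1/running.rules" <<'EOF'
*filter
:INPUT ACCEPT [12:840]
:OUTPUT ACCEPT [9:612]
:acctboth - [0:0]
[3:180] -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
[5:300] -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable
[9:612] -A OUTPUT -j acctboth
COMMIT
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d) && make_samples "$demo_dir"
extra_smtp_rules "$demo_dir/running.rules" "$demo_dir/saved.rules"
```

On a real host the first argument would be a file holding `iptables-save -t filter` output taken after boot, and the second the saved rules file named in the init script.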
     
  6. jacksony

    But won't disabling that allow spammers to use my server to spam?
     
  7. jacksony

    fixed. thank you so much! :)
     