Re: telnet on local LAN question


 



On Thu, 2011-08-18 at 21:49 -0700, Paul Allen Newell wrote:
> I am no longer certain whether the telnet testing failure is a
> blocker to getting mail between machines. But it still remains a
> mystery to me why I can't tell iptables "you like telnet / port 23
> inside your LAN".

Your firewall rules don't care what (telnet, mail, webserving) you're
doing over the ports; its rules are based on connections to or from
ports and/or addresses.

So to allow or disallow mail, for instance, you can set rules by port
numbers that the server uses (port 25 for SMTP).  And those rules can be
set on the server to allow or block access coming in to port 25.
Also, rules can be set on clients to allow or block access going out to
port 25.  Likewise, with other ports.

If you're unsure of what ports are commonly used for what, have a look
at the /etc/services file.  Firewall rules can also be set using the
port names, i.e. you can set a rule blocking access to the smtp port,
by name, and iptables will apply the rule to port 25 (because it's using
the data listed in the /etc/services file to translate names and port
numbers).

If you use a configurator tool to set your firewall rules, it will
probably list common services by name, already.

With some services, you may also have to reconfigure your SELinux rules
to allow them to function.

                      ----------------------------

If you can telnet to a service, it shows that you can at least make a
connection to it.  If you can issue commands to it, and get appropriate
responses, then the service should be fully functional.  Though being
able to send a message to a server is part of the equation.  If you
expect it to pass it along to the next link in the chain, that's yet
another thing for you to check works.

Mail serving is a complex beast, and really does require you to read up
on how it's supposed to work, as well as how easily it can be exploited
(especially if your mail server may be externally accessible!).

If you're using sendmail, as I am, it has its own website (which is
probably the best source for finding out about it).  Others swear *at* it,
and have switched to postfix.  Sendmail users seem to be divided between
those who prefer it, and those who've learned enough about it that they
don't want to bother learning another service.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
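
The name-to-port lookup described in the message above, as an added example that is not part of the original post: it parses /etc/services-format lines (a constructed sample embedded inline) and prints, without executing, the iptables rule that accepts a service from the LAN only. The 192.168.1.0/24 range and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in /etc/services format:
#   name  port/proto  [aliases...]  [# comment]
SERVICES_TEXT='# constructed sample, not a full services file
ssh             22/tcp
telnet          23/tcp
smtp            25/tcp          mail
domain          53/udp          # name server
domain          53/tcp'

# svc_port NAME PROTO: print the port number for a service name or alias,
# the same translation iptables performs when a rule names a port.
# Returns non-zero when the name is not listed for that protocol.
svc_port() {
    printf '%s\n' "$SERVICES_TEXT" | awk -v want="$1" -v proto="$2" '
        { sub(/#.*/, "") }                 # strip comments
        NF < 2 { next }                    # skip blank/short lines
        {
            split($2, pp, "/")             # pp[1]=port, pp[2]=protocol
            if (pp[2] != proto) next
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue       # field 2 is port/proto, not a name
                if ($i == want) { print pp[1]; found = 1; exit }
            }
        }
        END { exit (found ? 0 : 1) }'
}

# lan_accept_rule SERVICE LAN_CIDR: print (do not run) a rule accepting TCP
# connections to SERVICE only when they come from LAN_CIDR.
lan_accept_rule() {
    port=$(svc_port "$1" tcp) || { echo "unknown tcp service: $1" >&2; return 1; }
    echo "iptables -A INPUT -p tcp -s $2 --dport $port -j ACCEPT"
}

# 192.168.1.0/24 is an assumed LAN range; substitute your own.
# "mail" is an alias of smtp in the sample, so it resolves to port 25.
for svc in telnet mail; do
    lan_accept_rule "$svc" 192.168.1.0/24
done
```

Because `-A` appends, the printed rule has no effect if an earlier rule in the INPUT chain already rejects the packet; `-I INPUT` inserts it ahead of that rule instead.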


