I have configured iptables according to the wiki, but it's causing packet drops. I am having a problem with Yahoo Mail (mails not opening). Following are my iptables rules:
# Generated by iptables-save v1.4.0 on Tue Aug 12 21:07:14 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [145:206050]
:interfaces - [0:0]
:open - [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j interfaces
-A INPUT -j open
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A interfaces -i lo -j ACCEPT
-A interfaces -i eth0 -j ACCEPT
# Common attacks
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-A INPUT -f -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-I INPUT -i eth0 -s 10.0.0.0/8 -j DROP
-I INPUT -i eth0 -s 172.16.0.0/12 -j DROP
-I INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-I INPUT -i eth0 -s 127.0.0.0/8 -j DROP
COMMIT
# Completed on Tue Aug 12 21:07:14 2008
Last edited by jaideep_jdof (2008-08-19 15:10:22)
So I take it if you flush the tables, your yahoo mail opens fine?
Just want to see how you came to the conclusion that iptables is causing you not to be able to open yahoo mail.
-I INPUT -i eth0 -s 10.0.0.0/8 -j DROP
-I INPUT -i eth0 -s 172.16.0.0/12 -j DROP
-I INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-I INPUT -i eth0 -s 127.0.0.0/8 -j DROP
Did you just copy-paste the ones above or are you certain that you need those? If not, I'd try removing them. And I think the output of "iptables -vL" is more comprehensive than the rules themselves, it shows which rules have been hit.
Last edited by Ramses de Norre (2008-08-13 16:31:18)
I can't see any problems in this config concerning your problem, or rather the SMTP port 25 from which you receive your mails.
How do you check your mails? Online via the login on the Yahoo page, or via a mail client like Thunderbird?
Is it just Yahoo, or is it generally impossible to open mails?
-I INPUT -i eth0 -s 10.0.0.0/8 -j DROP
-I INPUT -i eth0 -s 172.16.0.0/12 -j DROP
-I INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-I INPUT -i eth0 -s 127.0.0.0/8 -j DROP
Did you just copy-paste the ones above or are you certain that you need those? If not, I'd try removing them. And I think the output of "iptables -vL" is more comprehensive than the rules themselves, it shows which rules have been hit.
I just copy-pasted these lines from the wiki. I access Yahoo Mail from the Yahoo page. I don't use Thunderbird for Yahoo; I use it for Gmail and GMX. Thunderbird is working fine.
The exact problem I am facing is that Yahoo Mail opens OK, but when I click on a mail to open it, it doesn't open; only the wait sign is shown in the status bar of my browser. The same thing happens when I try to submit a new post in a forum.
Already tried another browser?
I tried it with Konqueror, same problem.
Does it work when you disable iptables?
Yes, it did work when I disabled iptables.
Since you are using OUTPUT as ACCEPT, there shouldn't be any problems, but still, I recommend that you disable iptables, install Ethereal or any other analyzer, open Yahoo Mail (make sure to log in and check your messages), and check it with Ethereal. You can instruct Ethereal to only check remote port 80/443 traffic to see if there are some inbound connections from *.yahoo.com that are being blocked by iptables.
Did you use the new Yahoo web interface or the classic one?
Last edited by Sin.citadel (2008-08-15 13:05:00)
I am using the classic one. I have no idea what ethereal is and how to use it.
You can check which packets are being blocked by using iptables' own logs. After you have set your iptables policy, simply use
iptables -A INPUT -i ! lo -j LOG --log-prefix "DROP " --log-ip-options --log-tcp-options
Then log into Yahoo again, and when you encounter the error again, open the file /var/log/iptables.log and sift through it to find why iptables is blocking the packet, or post the file here.
Also, do you get an HTTP error like a 502, 404, connect timeout, or does it simply stop?
Before using the logs, you have to order iptables to write logs.
Add this to your INPUT chain:
iptables -A INPUT -j LOG -m limit --limit 5/s --log-prefix "INPUT-DROP:"
Thanks guys for the help. I changed the Yahoo interface from classic to the new one and the issue was solved.
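Added example, not part of the thread: a Python script for sifting through the file written by the LOG rules suggested above. It parses kernel LOG lines and lists which of the DROP rules from the first post each logged packet matches; the log lines, host name and addresses in SAMPLE are constructed.

```python
import ipaddress
from collections import Counter

# Source ranges dropped on eth0 by the "-I INPUT" rules quoted in the thread.
BLOCKED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ALL_FLAGS = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}  # set covered by "--tcp-flags ALL"

def parse(line, prefix="DROP "):
    """Parse one kernel LOG line; return None when the prefix is absent."""
    _, found, rest = line.partition(prefix + "IN=")
    if not found:
        return None
    tokens = ("IN=" + rest).split()
    pkt = dict(t.split("=", 1) for t in tokens if "=" in t)
    pkt["FLAGS"] = {t for t in tokens if t in ALL_FLAGS}
    pkt["FRAG"] = any(t.startswith("FRAG:") for t in tokens)  # non-first fragment
    return pkt

def matching_rules(pkt):
    """List the posted rules this packet matches (candidates, not a verdict)."""
    hits = []
    if pkt.get("IN") == "eth0":
        src = ipaddress.ip_address(pkt["SRC"])
        hits += [f"-s {net}" for net in BLOCKED if src in net]
    if pkt["FRAG"]:
        hits.append("-f")
    if pkt.get("PROTO") == "TCP" and "SPT" in pkt:  # TCP header was logged
        flags = pkt["FLAGS"]
        if flags == ALL_FLAGS:
            hits.append("--tcp-flags ALL ALL")
        elif not flags:
            hits.append("--tcp-flags ALL NONE")
        elif flags & {"SYN", "RST", "ACK", "FIN"} != {"SYN"}:
            hits.append("! --syn (only if conntrack state is NEW)")
    return hits

def summarize(lines, prefix="DROP "):
    """Count logged packets per (source address, matched rules)."""
    pkts = filter(None, (parse(line, prefix) for line in lines))
    return Counter((p["SRC"], tuple(matching_rules(p))) for p in pkts)

# Constructed sample lines in the kernel LOG format (not taken from the thread).
SAMPLE = [
    "Aug 15 13:05:01 host kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.1 DST=192.168.1.20 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=40211 LEN=56",
    "Aug 15 13:05:09 host kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.10 DST=192.168.1.20 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=80 DPT=51544 WINDOW=0 RES=0x00 ACK FIN URGP=0",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The kernel log carries no conntrack state, so the `! --syn` match is a candidate only. Only packets that reach the LOG rule appear in the file, so its position in the chain decides what gets logged.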
Please mark this thread as solved. Thanks!