[blfs-support] iptables again

akhiezer lfs65 at cruziero.com
Mon Mar 17 05:55:23 PDT 2014


> Date: Mon, 17 Mar 2014 10:19:32 +0000
> From: Richard Melville <richard.melville69 at googlemail.com>
> To: blfs-support at linuxfromscratch.org
> Subject: Re: [blfs-support] iptables again
>
> >
> > Richard Melville wrote:
> > > Maybe somebody has the answer to this -- it's only a minor point.
> > >
> > > I've set up msmtp and s-nail on a blfs server; I can send email, and
> > > iptables is not blocking them but neither is it recording the packets
> > > passed.  When I had this issue before with a different service, changing
> > > sport to dport resolved it, but not this time.  I've set the ports to 25
> > > and I've also tried 587. Both work, but still no packets recorded.
> >
> > What commands are you trying to run?
> >
> >    -- Bruce
> >
> >
> I'm sending mail to a colleague via my gmail address with:-
>
> cat test.mail |  msmtp -a gmail colleague at company.co.uk
>
> where "gmail" is the name of my account in the .msmtprc file.
>
> As I say, the mail delivery works fine with my colleague receiving the
> mail, and I get a copy in my gmail sent items.  However, iptables -nvL
> shows "0" in both the pkts and the bytes columns, as if nothing has been
> sent.  A minor point I know, but all my other traffic (ntp, http, dns, ssh)
> is recorded by iptables in those two columns.
>


Are you wanting to show incoming or outgoing traffic, or both, or what?

Does your firewall log the traffic for the relevant port numbers and for the relevant table (~== traffic-flow direction)?

Depending on what table you're wanting to see stats for, you might need to use the '-t' flag for iptables to show the stats for the relevant table. You might also find the '--line-numbers' flag useful - e.g. for debugging. (And fwiw, I'd normally use the '-x' flag too).

If the above don't resolve it, then probably good idea to post your firewall file, plus the literal stats command line (if different from the 'iptables -nvL' posted above).


rgds,
akh





--



More information about the blfs-support mailing list