Cannot fetch mail from remote host

 
 
ttf
      05-29-2006, 08:19 PM
Hi,
I'm configuring my homeserver and there is this one last problem I've
got to solve. My server runs fc5 configured with squid. ClientA is
dualbooting fc5 and windows. ClientA is using my homeserver as proxy for
caching everything coming over port 80. Squid works fine.

Everything seems to be ok. I can browse the web on ClientA under
fc5&windows. Under fc5 I'm not able to fetch my email from my pop3
account on a remote server outside my lan (using Thunderbird). I thought
it would maybe be a routing problem on the server, but the strange thing
is that using Windows and Thunderbird on ClientA it works. ClientA is
configured using dhcp, so the gateways and ips are exactly the same. The
Thunderbird configuration is the same under linux and windows.

I tried to stop iptables and squid on the homeserver -- no change
There is no personal firewall/iptables running on the client.
When I don't use a proxy on the client I get Connection timed out in
Thunderbird under linux.

Thank you for your help....



[Server 192.168.1.1]
FC5:
-ping pop.gmx.net works
-dig pop.gmx.net works
-telnet works.

[ClientA 192.168.1.101]
FC5:
-ping pop.gmx.net says network unreachable
-dig pop.gmx.net works (so I guess there's no problem with nameres??)
-telnet says network unreachable
Windows:
-ping ... works
-telnet works


Topology:

[WWW]-------[ppp0]
| Server |
[ClientA]---------[eth0]

I'm using this Iptables script:

INT_DEV=eth0
EXT_DEV=ppp0
INT_NET=192.168.1.0/24

modprobe ip_conntrack
modprobe ip_conntrack_ftp

echo 1 > /proc/sys/net/ipv4/ip_forward

### Remove all previous rules, and delete any user defined chains
iptables -F
iptables -X
iptables -t nat -F

### Set the default policies to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

### Loopback device OK
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

### Allow all Internal traffic to Server
iptables -A INPUT -s $INT_NET -d $INT_NET -j ACCEPT
iptables -A OUTPUT -s $INT_NET -d $INT_NET -j ACCEPT

### OUTBOUND Rule: Allow ALL packets out the external device
iptables -A OUTPUT -o $EXT_DEV -j ACCEPT
iptables -A FORWARD -i $INT_DEV -o $EXT_DEV -j ACCEPT

### MASQUERADING: All packets from the internal network will
### appear as if they had originated from the firewall.
iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j MASQUERADE

### INBOUND Rule: Allow ALL EXT packets if a connection already exists
iptables -A INPUT -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT

### INBOUND Rule: Allow ONLY NEW packets on these ports.
# (After NEW connection is established, the above rules will allow all following packets)
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 21 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 22 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 110 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT
 
Robert Harris
      05-30-2006, 12:24 PM
ttf wrote:
> Hi,
> I'm configuring my homeserver and there is this one last problem I've
> got to solve. My server runs fc5 configured with squid. ClientA is
> dualbooting fc5 and windows. ClientA is using my homeserver as proxy for
> caching everything coming over port 80. Squid works fine.
>
> Everything seems to be ok. I can browse the web on ClientA under
> fc5&windows. Under fc5 I'm not able to fetch my email from my pop3
> account on a remote server outside my lan (using Thunderbird). I thought
> it would maybe be a routing problem on the server, but the strange thing
> is that using Windows and Thunderbird on ClientA it works. ClientA is
> configured using dhcp, so the gateways and ips are exactly the same. The
> Thunderbird configuration is the same under linux and windows.
>
> I tried to stop iptables and squid on the homeserver -- no change
> There is no personal firewall/iptables running on the client.
> When I don't use a proxy on the client I get Connection timed out in
> Thunderbird under linux.


squid on the server won't make any difference - it listens on port 80,
not port 22.

What happens if you telnet from your client to your mailserver, i.e. type:

telnet pop3.my.mailserver.net 110

where that hostname pop3.my.mailserver.net should be the hostname of
your pop3 mailserver?

Robert
>
> Thank you for your help....
>
>
>
> [Server 192.168.1.1]
> FC5:
> -ping pop.gmx.net works
> -dig pop.gmx.net works
> -telnet works.
>
> [ClientA 192.168.1.101]
> FC5:
> -ping pop.gmx.net says network unreachable
> -dig pop.gmx.net works (so I guess there's no problem with nameres??)
> -telnet says network unreachable
> Windows:
> -ping ... works
> -telnet works
>
>
> Topology:
>
> [WWW]-------[ppp0]
> | Server |
> [ClientA]---------[eth0]
>
> I'm using this Iptables script:
>
> INT_DEV=eth0
> EXT_DEV=ppp0
> INT_NET=192.168.1.0/24
>
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> ### Remove all previous rules, and delete any user defined chains
> iptables -F
> iptables -X
> iptables -t nat -F
>
> ### Set the default policies to drop
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> ### Loopback device OK
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> ### Allow all Internal traffic to Server
> iptables -A INPUT -s $INT_NET -d $INT_NET -j ACCEPT
> iptables -A OUTPUT -s $INT_NET -d $INT_NET -j ACCEPT
>
> ### OUTBOUND Rule: Allow ALL packets out the external device
> iptables -A OUTPUT -o $EXT_DEV -j ACCEPT
> iptables -A FORWARD -i $INT_DEV -o $EXT_DEV -j ACCEPT
>
> ### MASQUERADING: All packets from the internal network will
> ### appear as if they had originated from the firewall.
> iptables -t nat -A POSTROUTING -o $EXT_DEV -s $INT_NET -j MASQUERADE
>
> ### INBOUND Rule: Allow ALL EXT packets if a connection already exists
> iptables -A INPUT -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i $EXT_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> ### INBOUND Rule: Allow ONLY NEW packets on these ports.
> # (After NEW connection is established, the above rules will allow all following packets)
> iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 21 -j ACCEPT
> iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 22 -j ACCEPT
> iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25 -j ACCEPT
> iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 80 -j ACCEPT
> iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 110 -j ACCEPT
> iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 443 -j ACCEPT

 
ttf
      05-30-2006, 01:16 PM
Robert Harris wrote:
> squid on the server won't make any difference - it listens on port 80,
> not port 22.
>
> What happens if you telnet from your client to your mailserver, i.e. type:
>
> telnet pop3.my.mailserver.net 110
>

When I telnet pop.gmx.net on port 110 I get:
telnet: connect to address 213.165.64.22: Network is unreachable
telnet: Unable to connect to remote host: Network is unreachable

But I can't even ping anything outside from the client, http nor pop
(Network is unreachable).
Browsing using the squid proxy on the server works.
Seems as if access to the outside world is only allowed using the proxy.
Everything else is blocked. But then I wouldn't be able to connect under
windows to my mailserver.
 
jewo
      05-31-2006, 11:21 AM
hi,

please post your routing table. looks like a routing problem.

jewo
 
ttf
      05-31-2006, 08:37 PM
Hi,

Here are my routing tables:

Server (192.168.1.1):
---------------------
Ziel            Router          Genmask         Flags Metric Ref Use Iface
145.253.1.184   0.0.0.0         255.255.255.255 UH    0      0   0   ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0
0.0.0.0         145.253.1.184   0.0.0.0         UG    0      0   0   ppp0


ClientA (192.168.1.101):
------------------------
Ziel            Router          Genmask         Flags Metric Ref Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0   0   eth0


The server connects to the internet with a dialup connection (analog
modem) and gets a dynamic IP address. This IP becomes the default gateway.

Think you're right that it's a routing problem. Everything else can be
excluded. Maybe the Client doesn't import the DefaultGateway settings
configured by dhcp?

Thank you, your comments already helped me a bit...



 
jewo
      06-01-2006, 01:44 PM
hi,

enter
"route add default gw 192.168.1.1"
at client a as root

jewo
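
Added example, not part of the original thread: a longest-prefix route lookup run over the two routing tables posted above, showing why 213.165.64.22 has no matching entry on ClientA until a default route exists. The function name `route_lookup` and `FIXED_TABLE` (ClientA's table with the default route from the fix appended) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: longest-prefix route lookup over `route -n` style rows
# (destination, gateway, genmask, flags, metric, ref, use, iface).

# Rows as posted in the thread.
SERVER_TABLE='145.253.1.184 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 145.253.1.184 0.0.0.0 UG 0 0 0 ppp0'
CLIENT_TABLE='192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0'
# Constructed: the ClientA table with the default route from the fix added.
FIXED_TABLE="$CLIENT_TABLE
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0"

# route_lookup TABLE DEST_IP
# Prints "via GATEWAY dev IFACE" for the most specific matching row, or
# "Network is unreachable" (exit status 1) when no row covers DEST_IP.
# Header lines and anything else that does not start with an IPv4
# address are skipped.
route_lookup() {
  printf '%s\n' "$1" | awk -v dst="$2" '
    function ip2n(ip,  o) {
      split(ip, o, /\./)
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Network part of a under contiguous netmask m, without bit operators:
    # the host part is a modulo the size of the subnet (2^32 - m).
    function net(a, m) { return a - (a % (4294967296 - m)) }
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      m = ip2n($3)
      if (net(ip2n(dst), m) == ip2n($1) && (best == "" || m > bestmask)) {
        bestmask = m
        best = "via " $2 " dev " $8
      }
    }
    END {
      if (best == "") { print "Network is unreachable"; exit 1 }
      print best
    }'
}

# The POP3 server address from the telnet output, looked up on each table.
for t in "$SERVER_TABLE" "$CLIENT_TABLE" "$FIXED_TABLE"; do
  route_lookup "$t" 213.165.64.22 || true
done
```

A gateway of 0.0.0.0 in the result means the destination is on the directly attached network, which is why LAN traffic to the proxy at 192.168.1.1 kept working on ClientA.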
 
ttf
      06-01-2006, 05:21 PM
Hey,
Thank you! I'm really a newbie, such a simple solution...
 