Re: telnet on local LAN question

Craig White craigwhite at azapple.com
Fri Aug 19 04:30:55 UTC 2011


On Thu, 2011-08-18 at 21:23 -0700, Paul Allen Newell wrote:
> On 8/18/2011 9:07 PM, Craig White wrote:
> > On Thu, 2011-08-18 at 20:47 -0700, Paul Allen Newell wrote:
> >> [root@yoyo ~]# netstat -anp | grep ":25"
> >> tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1510/sendmail: acce
> >> [root@yoyo ~]# netstat -anp | grep ":23"
> >> [root@yoyo ~]#
> >> +++
> >>
> >> I'm staring at man netstat and the description of local address,
> >> foreign address, and state ... but not certain what it really means in
> >> context of your question regarding listening ... I think I am supposed
> >> to assume that this output means 127.0.0.1:25 is listening to anything
> >> sent from 0.0.0.0:* ?
> > ----
> > I believe that means that you can only connect to port 25 from localhost
> > and not any other computer.
> >
> > It's been many years since I used sendmail (I heavily recommend postfix)
> > but I think if you edit /etc/mail/sendmail.mc and find the section...
> >
> > dnl # The following causes sendmail to only listen on the IPv4 loopback address
> > dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
> > dnl # address restriction to accept email from the internet or intranet.
> > dnl #
> > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
> >
> > and change the last line to
> > dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
> >
> > and restart sendmail to enable it to listen on all your network
> > interfaces.
> >
> > Note that you then have to edit /etc/mail/access to control who can
> > 'relay' email (and restart sendmail again).
> >
> > also note that generally running your own smtp server requires you to
> > have a dns server so you have an mx record so it becomes obvious which
> > server receives e-mail for your domain.
> >
> > Craig
> >
> >
> Craig:
> 
> Thanks, I found that line in sendmail.mc and think I understand what it 
> is doing ... and what your suggestion of commenting it out will do. I've
> begun googling about /etc/mail/access and that's going to take some time.
> 
> Though this potentially solves the larger question of allowing email to
> be received on my 192.168.2.x LAN, I need to ask if you are implying 
> that doing this in sendmail.mc et al means that I don't have to do 
> anything with iptables for the mail / mailx issue?
> 
> And it still leaves me with a failure in my learning exercise about not 
> being able to tell my machines that they should accept my "test telnet" 
> from other machines in my LAN. I don't want to waste folks' time on a
> test that I don't need, but I feel there is something about 
> communication between machines that I am not getting ... and need to if 
> I am going to consider a more elegant LAN setup
----
I'm not going to get into the iptables stuff... first of all, you had a
bunch of people tossing all sorts of ideas your way and secondly, it
just seemed to be a waste of time. If you have a router/firewall on your
LAN, you could easily just disable iptables on any systems inside your
LAN... certainly for now while you are setting up and configuring things
and not allowing yourself to be sidetracked.

One of the most important things on a list like this is when you get a
whole bunch of answers, you have to sort of filter them so you don't
waste your time.

netstat -an|grep 25
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@srv2:~# telnet 192.168.2.5 25
Trying 192.168.2.5...
Connected to 192.168.2.5.
Escape character is '^]'.
220 srv2.azapple.com ESMTP Postfix
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

Craig
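
Added example, not part of the original message: a shell function that reads `netstat -an` output like the two listings in this thread and reports whether a port's listener is bound to loopback only or to every interface. It matches the port exactly, which `grep ":25"` and `grep 25` do not; the names `listen_scope` and `check` and the sample lines other than the thread's own port-25 listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report where a TCP listener on PORT accepts connections from,
# given `netstat -an` (or -anp) output on stdin.
#   loopback = only this host can connect (127.x.x.x or ::1)
#   all      = wildcard bind (0.0.0.0 or ::), reachable on every interface
#   specific = bound to one non-loopback address
# Prints "<scope> <address>" per listening socket, or "none".
listen_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4; the port is whatever follows the last
            # colon, which also handles IPv6 forms such as ":::25" and "::1:25".
            n = split($4, part, ":")
            p = part[n]
            if ((p "") != (port "")) next   # exact match: 2525 is not taken for 25
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (addr == "0.0.0.0" || addr == "::")        scope = "all"
            else if (addr ~ /^127\./ || addr == "::1")    scope = "loopback"
            else                                          scope = "specific"
            print scope, addr
            found = 1
        }
        END { if (!found) print "none" }
    '
}

# Sample input. The port-25 LISTEN lines are the two listings quoted in the
# thread (rejoined onto one line); the other lines are constructed.
SENDMAIL_HOST='tcp        0      0 127.0.0.1:25      0.0.0.0:*      LISTEN      1510/sendmail: acce
tcp        0      0 0.0.0.0:2525      0.0.0.0:*      LISTEN      2044/example'
POSTFIX_HOST='tcp        0      0 0.0.0.0:25        0.0.0.0:*      LISTEN
tcp        0      0 192.168.2.5:25    192.168.2.7:40112  ESTABLISHED'

# Helper: feed a captured listing to listen_scope for one port.
check() { printf '%s\n' "$1" | listen_scope "$2"; }

echo "sendmail host, port 25: $(check "$SENDMAIL_HOST" 25)"
echo "sendmail host, port 23: $(check "$SENDMAIL_HOST" 23)"
echo "postfix host,  port 25: $(check "$POSTFIX_HOST" 25)"
```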


