Is 12.27.41.52 the only system to which you send mail? In other words, are you using it as your relay to the outside world? If not, it looks like you'll need to add a rule something like '-A output -i eth0 -p tcp --destination-port smtp -j ACCEPT'. Also, what are your default policies on each chain? If they are DENY which I suspect they are, then flushing the chains should cause nothing to work, not everything. Eric On Wed, Mar 14, 2001 at 09:39:53AM -0600, Brian wrote: > I've got a sendmail server that I've given heavy firewalling through > IPchains. Apparently it was too heavy, because now sendmail won't work at > all. I've got: > > ipchains -A input -i eth0 -p tcp -s any/0 80 -j ACCEPT > ipchains -A input -i eth0 -p tcp -s any/0 25 -j ACCEPT > ipchains -A input -i eth0 -p tcp -s any/0 110 -j ACCEPT > ipchains -A input -i eth0 -p tcp -s any/0 6667 -j ACCEPT > > and sendmail was firewalled out. After consulting the book "linux > firewalls", I was reminded that e-mail uses some ports > 1023 (at least > Groupwise does, so it made sense) so now I've got: > > ipchains -A output -i eth0 -p tcp -s 12.27.41.52 1024:65535 -d any/0 25 -j ACCEPT > ipchains -A output -i eth0 -p tcp ! -y -s 12.27.41.52 25 -d any/0 1024:65535 -j ACCEPT > ipchains -A input -i eth0 -p tcp -s any/0 1024:65535 -d 12.27.41.52 25 -j ACCEPT > ipchains -A input -i eth0 -p tcp ! -y -s any/0 25 -d 12.27.41.52 1024:65535 -j ACCEPT > > and it's still firewalled out. Any ideas? Sendmail works 100% when I > ipchains -F. > > -Brian > > _______________________________________________ > tclug-list mailing list > tclug-list at mn-linux.org > https://mailman.mn-linux.org/mailman/listinfo/tclug-list >