Hallo,
habe ein Problem, dass ich z.B. keine Mails verschicken kann oder Updates machen kann (seit ich die IPtables konfiguriert habe):
Code
Err http://security.debian.org/ wheezy/updates/main libgpgme11 amd64 1.2.0-1.4+deb7u1
Cannot initiate the connection to security.debian.org:80 (2001:a78:5:0:216:35ff:fe7f:be4f). - connect (101: Network is unreachable) [IP: 2001:a78:5:0:216:35ff:fe7f:be4f 80]
Failed to fetch http://security.debian.org/pool/updates/main/g/gpgme1.0/libgpgme11_1.2.0-1.4+deb7u1_amd64.deb Cannot initiate the connection to security.debian.org:80 (2001:a78:5:0:216:35ff:fe7f:be4f). - connect (101: Network is unreachable) [IP: 2001:a78:5:0:216:35ff:fe7f:be4f 80]
Mail:
Code
postfix/smtp[10845]: connect to alt1.gmail-smtp-in.l.google.com[2404:6800:4008:c03::1a]:25: Network is unreachable
postfix/smtp[10845]: connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4008:c00::1a]:25: Network is unreachable
IPtables konfig:
Code
# Generated by iptables-save v1.4.14 on Fri Aug 15 12:14:21 2014
*nat
:PREROUTING ACCEPT [29:3935]
:INPUT ACCEPT [29:3935]
:OUTPUT ACCEPT [1:1112]
:POSTROUTING ACCEPT [1:1112]
COMMIT
# Completed on Fri Aug 15 12:14:21 2014
# Generated by iptables-save v1.4.14 on Fri Aug 15 12:14:21 2014
*mangle
:PREROUTING ACCEPT [235:43521]
:INPUT ACCEPT [235:43521]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [241:137488]
:POSTROUTING ACCEPT [241:137488]
COMMIT
# Completed on Fri Aug 15 12:14:21 2014
# Generated by iptables-save v1.4.14 on Fri Aug 15 12:14:21 2014
*filter
:fail2ban-sasl - [0:0]
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:fail2ban-ssh - [0:0]
:OUTPUT ACCEPT [0:0]
:fail2ban-dovecot-pop3imap - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport -j fail2ban-sasl --dports 25,465,143,220,993,110,995
-A INPUT -p tcp -m multiport -j fail2ban-dovecot-pop3imap --dports 110,995,143,993
-A fail2ban-dovecot-pop3imap -j RETURN
-A fail2ban-sasl -j RETURN
-A fail2ban-ssh -j RETURN
-A INPUT -p tcp -m multiport -j fail2ban-ssh --dports 22
# Ssh, ftp webmin, etc
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 20,21,22,80,443,10000
# localhost
-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
# Teamspeak
-A INPUT -p tcp -m tcp --dport 9987 -j ACCEPT
# dns
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
# Mail
-A INPUT -p tcp -m tcp -m multiport -j ACCEPT --dports 25,110,143,4190,465,993,995,587,10023,10024,10025
-A INPUT -p tcp -m tcp --dport 113 -j REJECT
-A INPUT -j REJECT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 587 -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Fri Aug 15 12:14:21 2014
Alles anzeigen
Es muss ein Fehler in der Konfig sein, vlt. ist von euch jemand wacher und sieht den Fehler
Ein einfacher Ping nach außen funktioniert schon nicht.. Ich dachte, dass ist ausreichend:
-A OUTPUT -j ACCEPT
Gruß