r3wp [groups: 83 posts: 189283]
World: r3wp

[Linux] group for linux REBOL users

Pekr
11-Sep-2009
[3154]
under windows FileZilla, xlightftpd ...
Oldes
12-Sep-2009
[3155]
you mean vsftpd?
Pekr
12-Sep-2009
[3156]
ah, probably yes ... but I use old fedora, dunno if new distros use 
it still, or if it got replaced by some better/different system ...
Janko
27-Sep-2009
[3157x7]
does anyone have any idea why is this happening to me.. I setup iptables 
firewall and now my rebol send method (to SMTP on some completely 
other server) doesn't work any more..
setup file is like this: 
#!/bin/bash
#
# iptables example configuration script 
#
# Let's not lock ourselves out of the server
#
 iptables -P INPUT ACCEPT
#
# Flush all current rules from iptables
#
 iptables -F
#
# Allow SSH connections on tcp port 22
#
# This is essential when working on remote servers via SSH to prevent
# locking yourself out of the system
#
 iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#
# Allow HTTP connections on tcp port 80
#
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
 iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Save settings
#
 /sbin/service iptables save
#
# List rules
#
 iptables -L -v
it doesn't work unless I put input on ACCEPT again (  iptables -P 
INPUT DROP )
does the sending of email through external smtp require that the 
server also accepts some connection? Could it be that the delay with 
iptables is too long somehow .. I notice that ssh login works visibly 
slower when setup
what is additionally strange is that on the other VPS where I have 
the same iptables setup this works
sending email works
I tried from console too .. if firewall is all on ACCEPT it works 
.. if not this happens : 


>> send [janko-:-itm-:-gmail-:-com] "asasd asd a"                        
               Net-log: ["Opening" "tcp" "for" "esmtp"]
connecting to: secure.emailsrvr.com
** Access Error: Cannot connect to secure.emailsrvr.com
** Where: open-proto
** Near: smtp-port: open [scheme: 'esmtp]
either only
Graham
28-Sep-2009
[3164]
does a direct tcp connection on port 25 work?
Dockimbel
28-Sep-2009
[3165x5]
Try adding :  iptables -A OUTPUT -i lo -j ACCEPT
On second thought, that wouldn't help. Try adding a few -j LOG rules 
to help debug.
Tested your rules here on Linux, works ok.
I can connect to remote server on port 25.
Check your DNS config and test your accesses with telnet.
Janko
28-Sep-2009
[3170x2]
Thanks for help Graham and Doc .. I wanted to reply multiple times 
but altme didn't want to accept my text and it was disconnecting 
me
It took me half of day of looking but I think I am close to it now.. 
when I run the script I get 

iptables: No chain/target/match by that name

and it's related to this line:

 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


after much digging it currently looks like the vps is missing the 
"state" kernel module which is given there by -m "meaning match" 
.. I just wrote the vps host computer admin and I hope he will be 
able to enable it
Gabriele
30-Sep-2009
[3172x4]
you should be able to load the module yourself with modprobe etc. 
(and it's strange iptables doesn't load it automatically, i thought 
it did)
anyway... i'd recommend using something like Shorewall instead of 
coding your iptables manually. (i used to code iptables manually 
many years ago...)
http://www.shorewall.net/
(it takes some time to configure, but iptables takes some time to 
configure as well)
Janko
30-Sep-2009
[3176]
modprobe gives me the following error: 

FATAL: Could not load /lib/modules/2.6.24-2-pve/modules.dep: No such 
file or directory


I looked and it seems that VPS container can't access kernel modules 
.. I am still waiting for administrator because there was some linux 
conf two days now.. he should fix it today ... 


I will check out shorewall .. I need quite simple configuration, 
no forwarding, just close everything and lock ssh to some static 
IPs
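An added example (editor's code, not Janko's script and not from the REBOL project) that ties together three points of this thread: Janko's posted script, Dockimbel's suggestion of -j LOG rules for debugging, and the missing "state" module. In the posted script every line is run regardless of whether the previous one succeeded, so when the `-m state` rule fails to load, the INPUT chain is left with a DROP policy and no rule that accepts return packets. An outbound SMTP connection still goes out (OUTPUT is ACCEPT), but the mail server's reply packets arrive on INPUT and are dropped, which is exactly the "Cannot connect" symptom. The script below checks that the state match loads before it touches anything, applies every ACCEPT rule while INPUT is still ACCEPT, and sets the DROP policy last, so a failing rule stops it before the host is closed off. It also restricts SSH to one admin network, as Janko wanted. Assumptions: IPT is the iptables binary (IPT=echo gives a dry run that just prints the rules), and SSH_ADMIN_NET is a placeholder CIDR from the documentation range, not a real address.

```shell
#!/bin/sh
# Added example, not the thread's script. Fail-safe iptables setup:
# rules are added while INPUT still ACCEPTs; DROP policy goes last.

: "${IPT:=/sbin/iptables}"             # set IPT=echo for a dry run
: "${SSH_ADMIN_NET:=203.0.113.0/24}"   # constructed placeholder CIDR (assumption)

# Run one iptables command; abort the whole script on failure so that a
# rule that cannot be loaded never leaves us half-configured.
rule() {
    "$IPT" "$@" || { echo "failed: iptables $*" >&2; exit 1; }
}

# Preflight: ask iptables to load the state match. Where the module is
# unavailable (e.g. a container whose host kernel lacks it) this fails
# with "Couldn't load match `state'" instead of failing mid-script.
check_state_match() {
    "$IPT" -m state -h >/dev/null 2>&1
}

apply_firewall() {
    check_state_match || { echo "state match unavailable; INPUT left open" >&2; return 1; }
    rule -P INPUT ACCEPT          # stay reachable while the chain is rebuilt
    rule -F
    rule -A INPUT -i lo -j ACCEPT
    # Reply packets for connections this host opened (e.g. the SYN-ACK from an
    # SMTP server on port 25) arrive on INPUT; without this rule a DROP policy
    # discards them and every outbound connection appears to hang.
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SSH only from the admin's static network
    rule -A INPUT -p tcp --dport 22 -s "$SSH_ADMIN_NET" -j ACCEPT
    rule -A INPUT -p tcp --dport 80 -j ACCEPT
    rule -A INPUT -p tcp --dport 443 -j ACCEPT
    # Rate-limited log of whatever falls through, so drops show up in syslog
    rule -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT
    rule -P INPUT DROP            # restrictive policy only after every rule above succeeded
}

# Only touch the live firewall when explicitly asked: sh firewall.sh apply
case "${1:-}" in
    apply) apply_firewall ;;
esac
```

Run it as root with `sh firewall.sh apply`; with `IPT=echo sh firewall.sh apply` it prints the rule sequence without changing anything, which is a convenient way to review the ordering before applying it on a remote box.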
Pekr
30-Sep-2009
[3177]
ShoreWall, MonoWall ... and the winner is - Mikrotik :-)
Gabriele
1-Oct-2009
[3178]
Petr, I'm not sure why someone would want a non-standard, hard to 
use shell over Linux, but, ok... :P
Pekr
1-Oct-2009
[3179]
Gabriele - because Linux sucks. Because if it would be easy, Janko 
would not post his questions here. I use REBOL, because it provides 
me with simplicity to what I need to do. I use Mikrotik, because 
it is absolutely best low-cost FW/shaper/whatever, used by 90% small 
WISP?
Gabriele
1-Oct-2009
[3180x2]
how is mikrotik easier than the above, given that they don't even 
have complete documentation on their side?
it's much harder to figure out than iptables, you can find MILLIONS 
of hits on google about iptables
Pekr
1-Oct-2009
[3182x2]
Gabriele - you should know what you are talking about, no? I use 
MT for 3 years, and the docs are there, there is a forum, there is 
a wiki. It allows so much complicated stuff like traffic bonding, 
easy scheduling/shaping, mangling, scripting, virtual interfaces, 
dynamic lists, etc.  that it is not even funny to compare it to bare-bones 
Linux ....
Simply put - our example - small to middle network, 600+ wi-fi users, 
50+ MT nodes, which even lamers like me and my brother can properly 
build. Would it be possible for us to make it using bare-bones Linux? Absolutely 
not. Your reaction is imo typical example of why Linux fails in the 
long run. Ppl want easy solution, not guru stuff.
Gabriele
1-Oct-2009
[3184x2]
so, what the hell has that to do with Janko's problem (a firewall 
for his server)?
can you explain me why mikrotik supports openvpn but *only* on tcp 
and not udp? that makes no sense at all.
Pekr
1-Oct-2009
[3186x4]
It might have nothing to do with Janko's problem. But - I saw you 
suggesting him ShoreWall, and in that regard I did mention Mikrotik, 
because I have experience with it, and simply put - nearly all WISP 
are using it, and that means something. Some ppl do replace Ciscos 
with it. The system is no-brainer - just insert CF with MT, boot, 
and there you go. If some node dies, you can replace it in 10 minutes, 
no virtualisation or advanced technique used, just its clever design. 
Besides that - MT is still Linux underneath ...
I find using plain linux for FW/GW purposes only as extremely bad 
idea nowadays. Of course, if your server does provide you with services 
as webhosting, then Linux is preferred.
As for OpenVPN - I don't know - it is kind of "recent" addition, 
as community screamed for it. There is l2tp, pptp, pppoe and I use 
simple pptp ....
I can give anyone demo access to my central router, to look around. 
My opinion simply is, that some things don't need to be entirely 
free, in order to be considered. And something like 30-40 USD is 
cool price ...
Gabriele
2-Oct-2009
[3190x5]
I lost the messages i was typing to you yesterday, and you know why? 
My internet connection does not work. Guess what is my ISP? One of 
those WISP that uses mikrotik for everything. Yes, I guess that means 
something. It means that incompetent people just damage other people's 
work.
the issue is not whether it's free or not. the issue is that they 
are REMOVING features for no reason at all. Why not just add their 
own windows UI (that of course it's only for windows! they could 
not do like anyone else and make a web interface that works everywhere...) 
on top of a custom linux distribution that ALSO gives you the ability 
to do whatever you want with it IF you know how?
My router is a debian lenny box. I'm so much happier now that the 
mikrotik router in the antenna is just acting as a bridge and I don't 
even know it's there. less crap to learn and worry about...
i will never understand why you guys always want to make things more 
COMPLEX instead of making them SIMPLER. place RESTRICTIONS instead 
of enabling FREEDOM. i just don't get it. it's extremely frustrating 
for me.
go read Carl's blog again about people not having a clue about the 
business they run. go read Chuck Moore's interview that says the 
same thing (complexity means that we are doomed). I can't understand 
why only so few people on this planet get it - how can everyone else 
think that more complex is better...
Pekr
2-Oct-2009
[3195x6]
Gabriele - after reading your messages, I have to say one thing - 
I always have great respect for you and for your knowledge, especially 
in regards to REBOL. But your last remarks are so completely off, 
that I really wish you don't mean it for real.
I think I am not willing to spend my time talking some wifi related 
issues with someone, who apparently does not know, what he is talking 
about ... talking about at all.
There is so much to the wi-fi layer to know about in practice, that 
it is not even funny. There can be plenty of reasons, why your connection 
is crappy. First of them might be RT's provider itself. That can 
be checked easy enough - if your connection is not broken only for 
Altme, then most probably it is not RT's provider, but your connection. 


From there, I would check your provider. Wi-fi is NOT cable, it never 
will be, and the technology never claimed to be 100% problem-free. 
99% of problems are NOT related to MT and its SW, believe me. The 
clear sight to your provider antenna, the weather, the antenna quality, 
pigtail quality, pigtail/cable isolation (if water is there, the 
signal might drop SIGNIFICANTLY), general wi-fi signal pollution 
in wifi crowded area, etc. etc.
It has NOTHING to do with MT and your claims are simply false. If 
you are so brave, then go, and replace your bad MT with another Debian 
Box. I wonder, if it would make you more happy. MT is not bug-free, 
I never claimed anything like that. My MT suggestion was related 
exactly to the SIMPLICITY factor. You call it complex? Man - it is 
like you never used REBOL, right? MT brings simplicity to the wifi 
providing, that some other solutions are not even funny to suggest.


MT Linux abstraction is like a VID dialect upon Linux - yes, it can't 
do everything. But I can't come-up with anything it does not do for 
me for 99% of my usage cases. Yes, I noticed your OpenVPN problem, 
not supporting UDP, and yes, it sucks, but it does not mean that 
MT does not serve its purpose.
The complexity vs simplicity factor can be very easily checked. My 
brother, who would absolutely not be able to set-up linux router, 
has set-up 50 MT based router nodes. We are serving 600+ ppl, with 
problems here or there. We have 3rd iteration of our network, having 
our MT backbone rock-solid. Some P2P connections are going to be 
replaced with 10GHz ones, because we know where's 5GHz limit, and 
we try to use the right tools for particular needs.


But once again - I visited at least 5, maybe more courses, related 
to radios, frequencies, their correct usage, cables, antennas, with 
profi (lent from T-mobile) equipment, where we checked on the antennas 
and cables parameters, and I can tell you, that with wrong Antenna, 
pigtail, cable, with wrong installation, you can ruin your connection 
quality even down to 40%. No SW, being it MT, or Debian, or StarOS, 
can fix it.
So in the end - use what you are happy with. But don't try to put 
down publicly a system you have no deeper experience with, please, 
as apparently all WISP providers are happy with it (and not only 
them, some ppl go so far to replace Ciscos), and it might serve well 
to some other ppl, looking for simple yet sufficient solution for 
their usage case. By reading your comments, no one would probably 
ever consider Mikrotik, and that is all it is about - let's not 
create myths, where there are apparently no myths involved, and the 
system might work satisfactorily for many ppl  ...
Gabriele
3-Oct-2009
[3201x3]
Petr, it's NOT my connection to this world that does not work. NOTHING 
works. STOP talking about things you have no idea about. This has 
been pure crap since JUNE.
Also, PLEASE, I beg you, do *read* what I write. I never said my 
problems are due to mikrotik. I said my problems are due to my ISP 
not knowing what they are doing. You said that mikrotik allows "normal" 
people to set up a WISP. Right, they do, and the result is that they 
waste MY time *because* they know nothing about this job. This was 
*your* claim, and it seems to be consistent with what I am seeing.
The criticism I made to RouterOS was very targeted and very simple, 
and you of course completely ignored it. I said two things: 1) there 
is absolutely no reason they had to add the stupid shell they have 
when you connect via SSH 2) there is no reason why what they do could 
not have been implemented on top of debian, or any other distribution, 
thus allowing people who know what they are doing to provide extra 
services that are beyond what's in their default configuration. That 
is just a stupid choice. So, most people don't care or need, and 
for them MT may be a good choice. That does not make them a good 
alternative to a linux box, neither a good alternative to Janko's 
problem above, and from what you say they may be even making things 
worse.