  1. #1
    Just Joined!
    Join Date
    Sep 2009
    Posts
    8

    Iptables, smtp, pop3


    I have a Linux box with two NICs. One has a public IP, one has a private IP to our network. This server is running an IPsec VPN to connect to our remote office.

    The issue I'm having is with email: when iptables is on I can ping my email server but not telnet to port 25 or 110. When iptables is turned off I can telnet to the SMTP/POP ports fine.

    I need help creating a rule to allow access through iptables to my remote mail server; any help is appreciated.

    Thanks.

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Post your firewall rules.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Sep 2009
    Posts
    8
    here you go

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain RH-Firewall-1-INPUT (2 references)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
    ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

  4. #4
    Just Joined!
    Join Date
    Aug 2009
    Location
    Mumbai, India
    Posts
    90
    Hi,

    Add the following to the file /etc/sysconfig/iptables (perhaps just above the line for ESTABLISHED,RELATED traffic):

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT

    You could as well restrict access to these ports on the basis of IP address, if so required, by using the -s option followed by the IP/network.

    BTW, the first rule for the RH-Firewall-1-INPUT filter is ACCEPT all -- 0.0.0.0/0 0.0.0.0/0, which ideally means ACCEPT all traffic and should therefore have allowed access to ports 25 & 110 as well. Unless you've possibly omitted some output when posting it here, because on a RHEL-based system this first line is usually associated with the loopback interface.

    --Syd
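    As an added example (not code from this thread or from Red Hat), here is a POSIX sh helper that makes the change described above on a copy of /etc/sysconfig/iptables: it writes one ACCEPT rule per port, restricts them to a source network with -s, skips rules already present, and inserts them just above the ESTABLISHED,RELATED line so they are evaluated before the final REJECT. make_sample builds a constructed file mirroring the chain in post #3 for a dry run; the file path, the source network and both helper names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Inserts ACCEPT rules for the mail
# ports into a copy of an /etc/sysconfig/iptables file, restricted to one
# source network (the -s option mentioned in post #4) and placed just above
# the ESTABLISHED,RELATED rule so they are evaluated before the final REJECT.
# Assumes the RHEL-style RH-Firewall-1-INPUT chain shown in post #3.

# add_mail_rules FILE SRC_NET PORT...   (idempotent; returns 1 if the
# ESTABLISHED,RELATED anchor rule is not present in FILE)
add_mail_rules() {
  file="$1"; src="$2"; shift 2
  case "$src" in
    */*) ;;              # already CIDR, e.g. 10.0.0.0/24
    *) src="$src/32" ;;  # bare host address becomes a /32
  esac
  anchor='^-A RH-Firewall-1-INPUT .*--state (ESTABLISHED,RELATED|RELATED,ESTABLISHED)'
  grep -Eq -- "$anchor" "$file" || return 1
  rf="$file.rules"; : > "$rf"
  for port in "$@"; do
    rule="-A RH-Firewall-1-INPUT -s $src -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    grep -qxF -- "$rule" "$file" || printf '%s\n' "$rule" >> "$rf"
  done
  # Emit the new rules once, immediately before the first anchor line.
  awk -v rf="$rf" -v anchor="$anchor" '
    !done && $0 ~ anchor { while ((getline l < rf) > 0) print l; done = 1 }
    { print }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  rm -f "$rf"
}

# Constructed sample file mirroring the chain posted in #3, for a dry run.
make_sample() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
```

    Note that in the listing in post #3 the RH-Firewall-1-INPUT chain is referenced from both INPUT and FORWARD, so rules added to it also apply to traffic routed through the box, not only to connections terminating on it.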

  5. #5
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    Can you post /etc/sysconfig/iptables please?

    Regards
    Robert

