-
Iptables, smtp, pop3
I have a linux box with two nics. One has public ip, one has private ip to our network. This server is running an ipsec vpn to connect to our remote office.
The issue I'm having is with email: when iptables is on I can ping my email server but not telnet to port 25 or 110. When iptables is turned off I can telnet to the smtp/pop ports fine.
I need help creating a rule to allow access through iptables to my remote mail server; any help is appreciated.
Thanks.
-
Post your firewall rules.
-
Here you go:
Chain INPUT (policy ACCEPT)
target               prot opt source       destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0    0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target               prot opt source       destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0    0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target               prot opt source       destination
Chain RH-Firewall-1-INPUT (2 references)
target               prot opt source       destination
ACCEPT               all  --  0.0.0.0/0    0.0.0.0/0
ACCEPT               icmp --  0.0.0.0/0    0.0.0.0/0      icmp type 255
ACCEPT               esp  --  0.0.0.0/0    0.0.0.0/0
ACCEPT               ah   --  0.0.0.0/0    0.0.0.0/0
ACCEPT               udp  --  0.0.0.0/0    224.0.0.251    udp dpt:5353
ACCEPT               udp  --  0.0.0.0/0    0.0.0.0/0      udp dpt:631
ACCEPT               tcp  --  0.0.0.0/0    0.0.0.0/0      tcp dpt:631
ACCEPT               all  --  0.0.0.0/0    0.0.0.0/0      state RELATED,ESTABLISHED
ACCEPT               tcp  --  0.0.0.0/0    0.0.0.0/0      state NEW tcp dpt:22
REJECT               all  --  0.0.0.0/0    0.0.0.0/0      reject-with icmp-host-prohibited
-
Hi,
Add the following to the file /etc/sysconfig/iptables (perhaps just above the line for ESTABLISHED,RELATED traffic):
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
You could also restrict access to these ports on the basis of IP address, if so required, by using the -s option followed by the IP/network.
BTW, the first rule in the RH-Firewall-1-INPUT chain is "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0", which ideally means ACCEPT all traffic and should therefore have allowed access to ports 25 & 110 as well. Unless you've possibly omitted some output when posting it here, because on a RHEL based system this first line is usually associated with the loopback interface.
--Syd
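An added worked example, not posted by anyone in this thread: a POSIX shell script that generates the two rules Syd suggests, optionally restricted with -s to a source network, inserts them above the ESTABLISHED,RELATED line of a saved rules file, and checks that they land before the chain's final REJECT. That ordering check is the point: RH-Firewall-1-INPUT ends in REJECT, so a rule appended after it is never evaluated. The chain name comes from the thread; the sample rules file, the 192.0.2.0/24 network and the -i lo assumption on the first ACCEPT (iptables -L -n hides the interface column, -v shows it) are constructed for illustration. Nothing here loads rules into the kernel; it only edits a copy of the file.

```shell
#!/bin/sh
# Added example, not from the thread. Builds SMTP/POP3 ACCEPT rules for the
# RH-Firewall-1-INPUT chain, inserts them into a copy of a saved rules file and
# verifies they precede the chain's final REJECT. Nothing is applied live.

# mail_rules [SOURCE]
# Print one ACCEPT rule per mail port (25 = SMTP, 110 = POP3). With SOURCE set,
# each rule carries "-s SOURCE" so only that host/network may open the
# connection; without it the rules match any source, exactly as Syd posted.
mail_rules() {
    src=""
    [ -n "$1" ] && src="-s $1 "
    for port in 25 110; do
        printf '%s %s-m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT\n' \
            '-A RH-Firewall-1-INPUT' "$src" "$port"
    done
}

# Constructed /etc/sysconfig/iptables fragment mirroring the chain the poster
# showed. The "-i lo" on the first ACCEPT is an assumption: "iptables -L -n"
# does not print the interface column, which is why it showed up as "ACCEPT all".
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# insert_mail_rules FILE [SOURCE]
# Write FILE.new with the mail rules inserted just above the first
# ESTABLISHED,RELATED line (Syd's suggested position) and print the new path.
insert_mail_rules() {
    out="$1.new"
    : > "$out"
    inserted=0
    while IFS= read -r line; do
        case "$line" in
            *"--state ESTABLISHED,RELATED"*)
                if [ "$inserted" -eq 0 ]; then
                    mail_rules "$2" >> "$out"
                    inserted=1
                fi ;;
        esac
        printf '%s\n' "$line" >> "$out"
    done < "$1"
    echo "$out"
}

# mail_rules_before_reject FILE
# Return 0 only when an ACCEPT for dport 25 and one for dport 110 both appear in
# RH-Firewall-1-INPUT before that chain's REJECT; anything after REJECT is dead.
mail_rules_before_reject() {
    awk '
        /^-A RH-Firewall-1-INPUT / && /--dport 25 / && /-j ACCEPT/ && !seen_reject { smtp = 1 }
        /^-A RH-Firewall-1-INPUT / && /--dport 110 / && /-j ACCEPT/ && !seen_reject { pop3 = 1 }
        /^-A RH-Firewall-1-INPUT / && /-j REJECT/ { seen_reject = 1 }
        END { exit !(smtp && pop3) }
    ' "$1"
}

# Demo on the constructed sample, in a temp file only.
demo() {
    f=$(mktemp)
    printf '%s\n' "$SAMPLE_RULES" > "$f"
    new=$(insert_mail_rules "$f" 192.0.2.0/24)
    if mail_rules_before_reject "$new"; then
        echo "mail rules reachable in $new"
    else
        echo "mail rules missing or after REJECT in $new" >&2
    fi
}
```

Because both INPUT and FORWARD jump to RH-Firewall-1-INPUT (the "2 references" in the listing), the inserted rules admit new port 25/110 connections whether they terminate on the box or are forwarded across the VPN from the private network; the -s restriction is what keeps that from becoming a public-side opening.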
-
Can you post /etc/sysconfig/iptables please?