  1. #1 (Just Joined!, joined Apr 2010, 4 posts)

    SMTP port blocked, yet packets delivered in and out

    Hey I'm using iptables to block smtp port like this:
    Code:
    [root@ ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp
    with this command:
    iptables -A INPUT -p tcp --dport 25 --sport 25 -j DROP

    yet when monitoring traffic:
    Code:
    [root@game3 ~]# tcpdump -n tcp port 25
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    22:23:32.339792 IP 121.35.170.181.can-ferret > MY-IP.smtp: S 3636350420:3636350420(0) win 65535 <mss 1440,nop,nop,sackOK>
    22:23:32.638640 IP 121.34.200.183.slush > MY-IP.smtp: S 2084693075:2084693075(0) win 65535 <mss 1440,nop,nop,sackOK>
    22:23:33.256984 IP 121.35.168.87.vpntpp > MY-IP.smtp: S 3096707673:3096707673(0) win 65535 <mss 1440,nop,nop,sackOK>
    22:23:34.430466 IP 121.34.200.189.a16-an-an > MY-IP.smtp: S 2972377123:2972377123(0) win 65535 <mss 1440,nop,nop,sackOK>
    
    4 packets captured
    30 packets received by filter
    0 packets dropped by kernel
    I can see a lot of packets in and out on port 25.

    However, when checking netstat I CAN'T see even one connection on the SMTP port!

    How come?

    P.S. I cannot connect with telnet to port 25 (from my own PC).

    Thanks

  2. #2 Irithori (Linux Guru, Munich, joined May 2009, 2,096 posts)
    The problem is here:
    Code:
    iptables -A INPUT -p tcp --dport 25 --sport 25 -j DROP
    This rule will only block packets that have *both* destination port 25 and source port 25.

    Break it up into two rules:
    Code:
    iptables -A INPUT -p tcp --sport 25 -j DROP
    iptables -A OUTPUT -p tcp --dport 25 -j DROP
    You must always face the curtain with a bow.
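The check a practitioner would run at this point, as an added example that is not part of the thread: read the per-rule packet counters that `iptables -L -v -n -x` prints instead of trusting tcpdump. On ingress, tcpdump taps the frame at the link layer before the netfilter INPUT hook runs, so a SYN that INPUT later drops still appears in the capture; and because the dropped SYN is never answered, no connection ever reaches netstat. The counters are the authoritative signal: a rule that requires both `--sport 25` and `--dport 25` stays at 0 packets because clients connect from an ephemeral source port, while a plain `--dport 25` rule in INPUT counts every inbound SYN. The listing below is a constructed sample with invented counters, standing in for the original poster's output; the function names are my own.

```shell
#!/bin/sh
# Verify whether a port-25 DROP rule is actually matching by parsing the
# pkts column of `iptables -L -v -n -x` (-x prints exact counters, not 1234K).
#
# Usage on a live host:  iptables -L -v -n -x | sh this_script.sh
# Run with no input, it reports on the constructed sample below.

# Constructed sample of `iptables -L -v -n -x` output (counters are invented).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 1042 packets, 88210 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:25 dpt:25
     317    19020 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 980 packets, 120344 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
EOF
}

# Print "CHAIN pkts ports" for every tcp DROP rule that mentions port 25.
# Columns with -v: pkts bytes target prot opt in out source destination [matches...]
# prot is "tcp" on most builds and "6" on builds that print numeric protocols.
smtp_drop_counters() {
    awk '
        /^Chain / { chain = $2; next }
        $3 == "DROP" && ($4 == "tcp" || $4 == "6") && / (dpt|spt):25( |$)/ {
            ports = ""
            for (i = 10; i <= NF; i++)
                if ($i ~ /^(dpt|spt):25$/)
                    ports = (ports == "" ? $i : ports "," $i)
            printf "%s %s %s\n", chain, $1, ports
        }
    ' "$@"
}

# Exit 0 if at least one port-25 DROP rule has counted packets, else 1.
smtp_drop_is_matching() {
    smtp_drop_counters "$@" | awk '$2 + 0 > 0 { hit = 1 } END { exit !hit }'
}

# Demonstration on the constructed sample.
sample_listing | smtp_drop_counters
if sample_listing | smtp_drop_is_matching; then
    echo "at least one port-25 DROP rule is matching traffic"
fi
```

On the sample, the combined `spt:25 dpt:25` rule reports 0 packets and the `dpt:25` INPUT rule reports 317, which is exactly the symptom in the first post: the SYNs are visible to tcpdump, are dropped by the rule that actually matches them, and never become connections. Run the same listing again a minute later and compare the counters to confirm the rule is still catching live traffic.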

  3. #3 (Linux Newbie, joined Dec 2009, 241 posts)
    If you want to check the port, you may want to use this command:
    nmap localhost -p 25
    Beginner's Guide to Nmap | Linux.com

    Or to find the program receiving at smtp:
    netstat -anp | less

    Telnet usually runs on port 23 and not on 25.
