[LARTC] iptables : Incoming mail and ping problem

Linux Advanced Routing and Traffic Control

Diff between File I (iptablesRC) and File II (iptablesRC.2). File I
works for incoming mail. File II does not work for incoming mail, and
neither does pinging this server on its external interface NIC IP.

I could not figure out which difference in these port-allowing, reject
or accept commands is keeping the incoming mail from coming in on
RH Linux 7.3. Please help. Thanks.

------------------------------------------------------------------------------
[shossain@mohican shossain]$ diff /home/admin/firewall/iptablesRC /home/admin/firewall/iptablesRC.2 |  more
162c162
< $IPTABLES -A allowed -p TCP -j REJECT
---
> $IPTABLES -A allowed -p TCP -j DROP
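Review bot: Line 162 matches every TCP packet that reaches it in the allowed chain, and switching its target from REJECT to DROP changes only how refused packets are answered, not which ones are accepted, so it is unlikely to be what stops inbound mail. With DROP the remote side gets no reply and waits for its own timeout, which makes failures harder to diagnose from the client end. If an explicit refusal is wanted for TCP, -j REJECT --reject-with tcp-reset is the usual form.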
185,187c185,187
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1503 -j allowed
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3389 -j allowed
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 5001:65535 -j allowed
---
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1500:65535 -j allowed
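Review bot: Replacing the three --dport rules (1503, 3389, 5001:65535) with the single range 1500:65535 sends every TCP destination port from 1500 to 5000, from any source (-s 0/0), to the allowed chain in addition to what File I sent there. Neither side of this hunk involves --dport 25, so it does not touch inbound SMTP. Keep the explicit ports from File I unless a service between 1500 and 5000 has to be reachable, and narrow -s where the clients are known.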
192,200c192,200
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 22 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 25 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 42 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 80 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 113 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 143 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 174 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 443 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 5001:65535 -j =
ACCEPT
---
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 22 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 25 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 42 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 80 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 113 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 143 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 174 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 443 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 1500:65535 -j ACCEPT
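Review bot: --source-port and --sport are the same match, so the only functional change in lines 192-200 is the last rule, where the accepted source-port range grows from 5001:65535 to 1500:65535. On both sides these rules ACCEPT a TCP packet purely on its remote source port, whatever the destination port, and the range rule covers the ports most clients connect from, so the --dport restrictions earlier in tcp_packets filter very little. If the intent is to let replies to outbound connections back in, one rule with -m state --state ESTABLISHED,RELATED -j ACCEPT does that without trusting the source port.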
262d261
<
268d266
<
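Review bot: 262d261 and 268d266 delete only empty lines, so together with the hunks above this diff contains no change to an ICMP rule and no change to a --dport 25 rule; the cause of the failed ping and the failed inbound mail is not visible in these lines. Compare the rules actually loaded after running each script, for example with iptables -L -n -v or iptables-save, instead of comparing the script files.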
