On Wed, 2003-04-16 at 22:07, juanca wrote:
> I've implemented this firewall but when I started it
> My mail server doesn't work
> what might be the problem?
> iptables -A INPUT -s 192.168.0.15 -j ACCEPT
> iptables -A INPUT -s 192.168.0.25 -j ACCEPT
>
> iptables -A INPUT -s 127.0.0.1 -j ACCEPT
>
> iptables -A INPUT -p tcp --dport domain -j ACCEPT

DNS usually runs on udp 53, not tcp. Also, you probably should have udp 53 open in OUTPUT as well as INPUT.

> iptables -A INPUT -p tcp --dport http -j ACCEPT
> iptables -A INPUT -p tcp --dport https -j ACCEPT
> iptables -A INPUT -p tcp --dport ftp -j ACCEPT
> iptables -A INPUT -p tcp --dport ftp-data -j ACCEPT
> iptables -A INPUT -p tcp --dport ftps -j ACCEPT
> iptables -A INPUT -p tcp --dport ftps-data -j ACCEPT
> iptables -A INPUT -p tcp --dport pop3 -j ACCEPT
> iptables -A OUTPUT -p tcp --dport pop3 -j ACCEPT
> iptables -A INPUT -p tcp --dport pop3s -j ACCEPT
> iptables -A INPUT -p tcp --dport smtps -j ACCEPT
> iptables -A INPUT -p tcp --dport smtp -j ACCEPT
> iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT -j ACCEPT
> iptables -A INPUT -p tcp --dport 113 -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -j DROP

Do you have DROP policy for INPUT (and/or OUTPUT)? If so, you don't need this last rule. If not, you probably should.

j
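
A way to check a list of `iptables` commands for the two points raised in the reply above: a udp 53 ACCEPT rule in INPUT and OUTPUT, and a catch-all DROP rule versus a DROP policy. This is an added example, not part of the original thread; the `audit_rules` function, its finding labels and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: a shortened rule list in the same form as the post.
SAMPLE_RULES='iptables -A INPUT -p tcp --dport domain -j ACCEPT
iptables -A INPUT -p tcp --dport smtp -j ACCEPT
iptables -A OUTPUT -p tcp --dport smtp -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j DROP'

# audit_rules RULES: prints one finding per line (hypothetical labels):
#   no-udp-dns:CHAIN      no ACCEPT rule for udp dport 53/domain in CHAIN
#   redundant-drop:CHAIN  catch-all "-j DROP" rule although the policy is DROP
#   no-drop-policy:CHAIN  catch-all "-j DROP" rule used in place of a DROP policy
audit_rules() {
    printf '%s\n' "$1" | awk '
    $1 == "iptables" {
        chain = ""; proto = ""; dport = ""; target = ""; is_policy = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            if ($i == "-P") { chain = $(i + 1); target = $(i + 2); is_policy = 1 }
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (is_policy) { pol[chain] = target; next }
        if (target == "ACCEPT" && proto == "udp" && (dport == "domain" || dport == "53"))
            dns[chain] = 1
        # "iptables -A CHAIN -j DROP" with no match options is a catch-all
        if (target == "DROP" && NF == 5) catchall[chain] = 1
    }
    END {
        n = split("INPUT OUTPUT", chains, " ")
        for (c = 1; c <= n; c++) {
            ch = chains[c]
            if (!(ch in dns)) print "no-udp-dns:" ch
            if ((ch in catchall) && pol[ch] == "DROP") print "redundant-drop:" ch
            if ((ch in catchall) && pol[ch] != "DROP") print "no-drop-policy:" ch
        }
    }'
}

audit_rules "$SAMPLE_RULES"
```

The OUTPUT finding only matters when the OUTPUT chain actually filters traffic, which cannot be determined from a rule list that contains no `-P` lines.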