On Tue, Feb 01, 2005 at 08:02:58PM +0500, varun_saa@xxxxxxxx wrote:
> Hello,
> My server is Mandrake 10.1
> eth0 is WAN with static IP connected to 512k DSL
> eth1 is LAN
>
> I have already configured NAT, etc.
>
> I want my firewall to allow users to send
> and receive mails.
>
> I want to add the following lines to my iptables:
>
> -A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
> -A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

is your firewall also your mail server?  if not--you need to be adding
your rules to FORWARD, not INPUT.  and the source port of pop3/smtp
traffic should be unprivileged; i.e.,

  # allow packets part of an established connection
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # allow SMTP connections from LAN -> Internet
  iptables -A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: \
    --dport 25 -j ACCEPT

  # allow POP3 connections from LAN -> Internet
  iptables -A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: \
    --dport 110 -j ACCEPT

HTH...

-j

--
"I'll be deep in the cold, cold ground before I recognize Missoura!"
        --The Simpsons
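
A lint for the two points raised in the reply above, as an added example that is not part of the original message: it reads rule lines in the `-A CHAIN ...` form and flags SMTP/POP3 ACCEPT rules that sit on INPUT, or that match a fixed source port with no destination port or state match. The function names, finding labels and the choice of checks are assumptions of this example; the sample rule lines are constructed from the rules quoted in the thread.

```shell
#!/bin/sh
# Added example: lint "-A CHAIN ..." rule lines for SMTP (25) / POP3 (110).

# lint_rules: read rule lines on stdin, print one finding per problem.
lint_rules() {
    awk '
    /^-A / {
        chain = $2; sport = ""; dport = ""; state = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--sport" || $i == "--source-port") sport = $(i + 1)
            if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") state = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        fixed_sport = (sport == "25" || sport == "110")
        if (!fixed_sport && dport != "25" && dport != "110") next
        # ACCEPT keyed on the source port alone: no --dport, no state match,
        # so the rule does not restrict what the packet is addressed to.
        if (fixed_sport && dport == "" && !state)
            printf "SPORT_ONLY line %d: %s\n", NR, $0
        # INPUT covers traffic to the firewall itself; routed LAN traffic
        # traverses FORWARD unless the firewall is also the mail server.
        if (chain == "INPUT")
            printf "INPUT_CHAIN line %d: %s\n", NR, $0
    }'
}

# Constructed sample: the rules from the quoted question.
original_rules() {
    cat <<'EOF'
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
EOF
}

# Constructed sample: the rules from the reply, written as "-A" lines.
suggested_rules() {
    cat <<'EOF'
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: --dport 25 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp --syn --sport 1024: --dport 110 -j ACCEPT
EOF
}

original_rules | lint_rules
```

The same function can be fed a saved ruleset file on stdin; lines that do not start with `-A` are ignored.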