/etc/init.d/iptables contains:

# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# (2) User-defined chain for ACCEPTED TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP

# (3) INPUT chain rules
## Rules for incoming packets from LAN
iptables -A INPUT -p ALL -i eth1 -s 10.12.1.0/8 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 10.12.1.0 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 116.168.1.2 -j ACCEPT
iptables -A INPUT -p ALL -i eth1 -d 10.12.1.255 -j ACCEPT

## Rules for incoming packets from the Internet
# Packets for established connections
iptables -A INPUT -p ALL -d 116.168.1.2 -m state --state \
    ESTABLISHED,RELATED -j ACCEPT

# REJECT THESE JERKS from accessing anything (HACKERS):
iptables -A INPUT -p tcp -s 66.232.147.175 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 67.169.132.93 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 202.9.128.100 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 202.9.183.254 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 202.153.41.139 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 210.51.188.113 -j REJECT --reject-with tcp-reset

# TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 25 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 110 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay

# UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT

# ICMP rules
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

# (4) FORWARD ip rules
# Accept packets I want to forward
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# (5) OUTPUT ip rules
# ONLY output packets with local addresses (NO spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.12.1.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 116.168.1.2 -j ACCEPT

# (6) POSTROUTING ip rules
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 116.168.1.2
# uncomment the bottom for DHCP if it works first
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
===========THE PROBLEM=============
Mail is going out to the Internet, but no matter what account I use (i.e., freebee sites or otherwise), mail isn't coming in. When I review the mail server logs, I see it trying to be delivered:
May 12 17:24:10 SERVER1 sendmail[3883]: j49NiYov005141: to=<root@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ctladdr=<root@xxxxxxxxxxxxxxxxxxxxxxxx> (0/0), delay=2+21:39:17, xdelay=00:00:00, mailer=esmtp, pri=5880651, relay=localhost.localdomain.mydomainname.com., dsn=4.0.0, stat=Deferred: Connection timed out with localhost.localdomain.mydomainname.com.
What is going on???
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
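An added example, not part of the post above: a small Python parser for sendmail delivery-attempt lines in the format quoted in the log excerpt, which tallies deferred (dsn=4.x.x) deliveries per relay so the failing hop and its stat text stand out when triaging a mail queue. The sample log lines, queue ids, addresses and hostnames below are constructed; only the relay name is taken from the post.

```python
import re
from collections import Counter

# Constructed sample lines in the sendmail syslog format quoted in the post.
# Addresses and hosts are placeholders; the third line is a "from=" record,
# which carries no delivery status and should be skipped by the parser.
SAMPLE_LOG = """\
May 12 17:24:10 SERVER1 sendmail[3883]: j49NiYov005141: to=<root@example.invalid>, ctladdr=<root@server1.example.invalid> (0/0), delay=2+21:39:17, xdelay=00:00:00, mailer=esmtp, pri=5880651, relay=localhost.localdomain.mydomainname.com., dsn=4.0.0, stat=Deferred: Connection timed out with localhost.localdomain.mydomainname.com.
May 12 17:25:02 SERVER1 sendmail[3901]: j49NiYov005142: to=<alice@example.invalid>, ctladdr=<root@server1.example.invalid> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30123, relay=mx.example.invalid. [192.0.2.10], dsn=2.0.0, stat=Sent (Ok: queued as 1234)
May 12 17:26:11 SERVER1 sendmail[3910]: j49NiYov005143: from=<bob@example.invalid>, size=1024, class=0, nrcpts=1, msgid=<x@y>, proto=ESMTP, daemon=MTA, relay=[10.12.1.5]
"""

# Fields of a delivery-attempt ("to=") line. "stat=" runs to end of line because
# its value itself contains commas and spaces.
DELIVERY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sendmail\[(?P<pid>\d+)\]: "
    r"(?P<qid>\w+): to=<(?P<to>[^>]*)>.*?mailer=(?P<mailer>\w+), .*?"
    r"relay=(?P<relay>[^,]+), dsn=(?P<dsn>[\d.]+), stat=(?P<stat>.*)$"
)


def parse_delivery(line):
    """Return a dict of fields for a delivery-attempt line, or None for other records."""
    m = DELIVERY_RE.match(line.strip())
    return m.groupdict() if m else None


def deferred_by_relay(log_text):
    """Count deferred (dsn 4.x.x) deliveries per relay and keep the first stat text seen."""
    deferred = Counter()
    reasons = {}
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec and rec["dsn"].startswith("4."):
            relay = rec["relay"].rstrip(".")  # drop the trailing FQDN dot
            deferred[relay] += 1
            reasons.setdefault(relay, rec["stat"])
    return deferred, reasons


if __name__ == "__main__":
    counts, why = deferred_by_relay(SAMPLE_LOG)
    for relay, n in counts.most_common():
        print(f"{n:4d} deferred via {relay}: {why[relay]}")
```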