
smtp forward problem



I made some rules for my firewall and they do not work well for all services.
I changed some router configuration to control the security for one block in which I have some Windows Servers.
For the ftp ports it works perfectly, but for the Windows Server it does not work fine: the smtp service from IIS (on port 25) doesn't work.
I put some comments in my rules to explain my intention.
 
:input ACCEPT
:forward ACCEPT
:output ACCEPT
 
---> I open smtp ports for the second block (it doesn't work and it's my problem)
-A forward -s xxx.xxx.xxx.208/255.255.255.240 25:25 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 25:25 -p 6 -j ACCEPT
 
---> I open the ftp ports (it works fine)
-A forward -s xxx.xxx.xxx.208/255.255.255.240 20:20 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 20:20 -p 6 -j ACCEPT
-A forward -s xxx.xxx.xxx.208/255.255.255.240 21:21 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 21:21 -p 6 -j ACCEPT
 
---> I reject all connections to any server in this block
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 -j REJECT
 
Does anyone know where my fault is or where I made a mistake? Are there some more ports?
 
This is my ipchains table: (/sbin/ipchains -L)
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  anywhere             xxx.xxx.xxx.208/28    any ->   smtp
ACCEPT     tcp  ------  xxx.xxx.xxx.208/28   anywhere              any ->   smtp
ACCEPT     tcp  ------  anywhere             xxx.xxx.xxx.208/28    any ->   ftp
ACCEPT     tcp  ------  xxx.xxx.xxx.208/28   anywhere              any ->   ftp
ACCEPT     tcp  ------  anywhere             xxx.xxx.xxx.208/28    any ->   ftp-data
ACCEPT     tcp  ------  xxx.xxx.xxx.208/28   anywhere              any ->   ftp-data
ACCEPT     all  ------  xxx.xxx.xxx.208/28   anywhere              n/a
REJECT     all  ------  anywhere             xxx.xxx.xxx.208/28    n/a
Chain output (policy ACCEPT):
 
 
Thanks
Leandro
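
The forward chain from the `ipchains -L` listing above, replayed with ipchains' stateless first-match semantics over a few constructed packets, so each direction of an SMTP exchange can be checked against the rules. This is an added example, not part of the original post; 203.0.113.208/28 stands in for the redacted xxx.xxx.xxx.208/28 block, and the host addresses and high port numbers are constructed.

```python
import ipaddress

# Constructed stand-in for the redacted xxx.xxx.xxx.208/28 block.
BLOCK = ipaddress.ip_network("203.0.113.208/28")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Forward chain in the order shown by `ipchains -L`:
# (target, proto, source net, destination net, destination port or None)
FORWARD = [
    ("ACCEPT", "tcp", ANY, BLOCK, 25),    # any -> smtp
    ("ACCEPT", "tcp", BLOCK, ANY, 25),
    ("ACCEPT", "tcp", ANY, BLOCK, 21),    # any -> ftp
    ("ACCEPT", "tcp", BLOCK, ANY, 21),
    ("ACCEPT", "tcp", ANY, BLOCK, 20),    # any -> ftp-data
    ("ACCEPT", "tcp", BLOCK, ANY, 20),
    ("ACCEPT", "all", BLOCK, ANY, None),
    ("REJECT", "all", ANY, BLOCK, None),
]
POLICY = "ACCEPT"  # chain policy, used when no rule matches

def verdict(proto, src, sport, dst, dport):
    """First matching rule wins. ipchains keeps no connection state, so a
    reply packet is judged on its own addresses and ports. sport is unused
    because every listed rule has source ports 'any'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, rproto, snet, dnet, rport in FORWARD:
        if rproto not in ("all", proto):
            continue
        if s in snet and d in dnet and rport in (None, dport):
            return target
    return POLICY

SERVER, REMOTE = "203.0.113.210", "198.51.100.7"  # constructed hosts

def trace():
    return {
        "inbound smtp:  client -> server:25": verdict("tcp", REMOTE, 40000, SERVER, 25),
        "inbound smtp:  server:25 -> client": verdict("tcp", SERVER, 25, REMOTE, 40000),
        "outbound smtp: server -> remote:25": verdict("tcp", SERVER, 40001, REMOTE, 25),
        "outbound smtp: remote:25 -> server": verdict("tcp", REMOTE, 25, SERVER, 40001),
        "dns reply:     remote:53 -> server": verdict("udp", REMOTE, 53, SERVER, 40002),
    }

if __name__ == "__main__":
    for name, result in trace().items():
        print(f"{result:7} {name}")
```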
