I made some rules for my firewall and they do not work
well for all services.
I changed some router configuration to control the
security of one block where I have some Windows Servers.
For the ftp ports it works perfectly, but
from the Windows Server it does not work fine: the smtp service from IIS
(with port 25) doesn't work.
I put some comments in my rules to explain my
intention.

:input ACCEPT
:forward ACCEPT
:output ACCEPT

---> I open smtp ports for the second block (it doesn't work and it's my problem)
-A forward -s xxx.xxx.xxx.208/255.255.255.240 25:25 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 25:25 -p 6 -j ACCEPT

---> I open the ftp ports (it works fine)
-A forward -s xxx.xxx.xxx.208/255.255.255.240 20:20 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 20:20 -p 6 -j ACCEPT
-A forward -s xxx.xxx.xxx.208/255.255.255.240 21:21 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 21:21 -p 6 -j ACCEPT

---> I reject all connections to any server in this block
-A forward -s 0.0.0.0/0.0.0.0 -d xxx.xxx.xxx.208/255.255.255.240 -j REJECT

Does anyone know where my fault is or where I made
some mistake? Does it have some more ports?
This is my ipchains table (/sbin/ipchains -L):

Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  ------  anywhere              xxx.xxx.xxx.208/28    any ->   smtp
ACCEPT     tcp  ------  xxx.xxx.xxx.208/28    anywhere              any ->   smtp
ACCEPT     tcp  ------  anywhere              xxx.xxx.xxx.208/28    any ->   ftp
ACCEPT     tcp  ------  xxx.xxx.xxx.208/28    anywhere              any ->   ftp
ACCEPT     tcp  ------  anywhere              xxx.xxx.xxx.208/28    any ->   ftp-data
ACCEPT     tcp  ------  xxx.xxx.xxx.208/28    anywhere              any ->   ftp-data
ACCEPT     all  ------  xxx.xxx.xxx.208/28    anywhere              n/a
REJECT     all  ------  anywhere              xxx.xxx.xxx.208/28    n/a
Chain output (policy ACCEPT):

Thanks
Leandro