Re: Iptables config

[Marcin Bednarz <mbednarz@student.uci.agh.edu.pl>]

Hello.

I wrote :

>
> # change of politics to drop
> iptables -t nat -P PREROUTING DROP
> iptables -t nat -P POSTROUTING DROP
>
> #add ssh serwer (allow incoming)
> iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 22 -j ACCEPT
>
> #add pop3 and imap
> iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 110 -j ACCEPT
> iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 143 -j ACCEPT
>
> iptables -t nat -A PREROUTING -d $yourPublicIP -p udp --destination-port 110 -j ACCEPT
> iptables -t nat -A PREROUTING -d $yourPublicIP -p udp --destination-port 143 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -s $yourPublicIP -j ACCEPT
>
> # are you want to alow ping you machine ? (I dont know if postfix require it)
> iptables -t nat -A PREROUTING  -d $yourPublicIP -p icmp -j ACCEPT
> iptables -t nat -A POSTROUTING  -s $yourPublicIP -p icmp -j ACCEPT

and ...
#SMTP
iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 25  -j ACCEPT


Why it is not correct ?
Why you use filter table, not nat ?
I am beginner so please help me if I don't understand anything.

Jakub S.


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org