Re: Iptables config - new
When using the following rules
-----------------------------------------------------------------------------
iptables -P INPUT ACCEPT
iptables -A INPUT -p tcp -m multiport -s 0/0 --dport 25,110,22 -i eth0 -j ACCEPT
-----------------------------------------------------------------------------
I get this output from iptables -vL.
-----------------------------------------------------------------------------
Chain INPUT (policy ACCEPT 1 packets, 102 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:auth reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:auth reject-with icmp-port-unreachable
    0     0 REJECT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:auth reject-with icmp-port-unreachable
   12   488 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
 1027 85784 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:pop3
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:ssh
    0     0 ACCEPT     tcp  --  eth0   any     anywhere             anywhere           tcp dpt:smtp
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 10804 packets, 584K bytes)
 pkts bytes target     prot opt in     out     source               destination
-----------------------------------------------------------------------------
And now I can't telnet to port 25 from another machine, but I can from the
local one. Like this:
---------------------------------------------------
localmachine$ telnet 192.168.2.2 25
Trying 192.168.2.2...
Connected to 192.168.2.2.
Escape character is '^]'.
220 xxx.yyy.zzz.com ESMTP Postfix (Debian/GNU)
---------------------------------------------------
---------------------------------------------------
remotemachine$ telnet xxx.yyy.zzz.com 25
421 xxx.yyy.zzz.com Sorry, unable to contact destination SMTP daemon.
---------------------------------------------------
If I issue the command "/etc/init.d/iptables clear", which sets all policies
to ACCEPT, I get the following output from iptables -vL.
---------------------------------------------------------
Chain INPUT (policy ACCEPT 6 packets, 384 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 3 packets, 360 bytes)
 pkts bytes target     prot opt in     out     source               destination
----------------------------------------------------------
And now I can telnet to port 25 from another machine. An important note
is that this problem is only with port 25; I can telnet to port 110 and 22
all the time.
Can anyone please enlighten me on this problem, as it is a bit weird?
Thanks for all the input and the help.
___
Mvh./Yours sincerely
Lars
========================================================================
Lars Roland Kristiansen | Email: m00lrk@math.ku.dk
Stu. Sci. Math/Computer science | TLF(home): 39670663
Copenhagen University - | Home address: Emdrupvej 175
Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV
Url: www.math.ku.dk |
========================================================================
"Politics is for the moment, equations are forever"
- Albert Einstein
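
Added example, not part of the original post: a small Python parser for `iptables -vL` listings like the one in the message above. It collapses identical rules and sums their packet counters, so rules that appear more than once and rules that never matched a packet stand out. The sample listing is constructed in the same format with wrapped lines joined; `summarize` and `to_int` are names chosen for this example.

```python
# Constructed sample in the layout of `iptables -vL` (wrapped lines joined).
SAMPLE = """\
Chain INPUT (policy ACCEPT 1 packets, 102 bytes)
 pkts bytes target prot opt in   out source   destination
    0     0 REJECT tcp  --  eth0 any anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
    0     0 REJECT tcp  --  eth0 any anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
   12   488 ACCEPT tcp  --  eth0 any anywhere anywhere tcp dpt:pop3
 1027 85784 ACCEPT tcp  --  eth0 any anywhere anywhere tcp dpt:ssh
    0     0 ACCEPT tcp  --  eth0 any anywhere anywhere tcp dpt:smtp
    0     0 ACCEPT tcp  --  eth0 any anywhere anywhere tcp dpt:pop3
    0     0 ACCEPT tcp  --  eth0 any anywhere anywhere tcp dpt:ssh
    0     0 ACCEPT tcp  --  eth0 any anywhere anywhere tcp dpt:smtp
Chain OUTPUT (policy ACCEPT 10804 packets, 584K bytes)
 pkts bytes target prot opt in   out source   destination
"""

UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}  # iptables rounds to these

def to_int(field):
    """Convert a counter such as '488' or '584K' to an integer."""
    if field[-1] in UNITS:
        return int(field[:-1]) * UNITS[field[-1]]
    return int(field)

def summarize(listing):
    """Collapse identical rules; return [(chain, spec, copies, packets)]."""
    rules, chain = {}, None
    for line in listing.splitlines():
        parts = line.split()
        if not parts or parts[0] == "pkts":
            continue                      # blank line or column header
        if parts[0] == "Chain":
            chain = parts[1]              # e.g. INPUT, FORWARD, OUTPUT
            continue
        # Assumes every rule has a target, so the columns split cleanly.
        key = (chain, " ".join(parts[2:]))
        copies, pkts = rules.get(key, (0, 0))
        rules[key] = (copies + 1, pkts + to_int(parts[0]))
    return [(c, s, n, p) for (c, s), (n, p) in rules.items()]

if __name__ == "__main__":
    for chain, spec, copies, pkts in summarize(SAMPLE):
        print(f"{chain}: {copies} copies, {pkts} packets: {spec}")
```
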