
Re: Iptables config - new



As mentioned in some other mail, always use iptables -F INPUT first to
avoid piling up rules like in your case. You defined three rules and
there shouldn't be more (it's not a Windows machine after all).

A couple more questions. What is your net setup: Are 192.168.2.2 and
xxx.yyy.zzz.com (the IP it resolves to, that is) different adaptors,
possibly xxx.yyy.zzz.com is eth0 and the other one eth1? All your
packages apply only for packets coming into eth0, except
the default rule. So I would assume the smtp connection coming from the
internal network is not coming through eth0 but is the one which got
accepted in the default policy line?

> Chain INPUT (policy ACCEPT 1 packets, 102 bytes)

I still cannot say where the missing smtp packets are. Try to use

iptables -nvL (keeps iptables from reverse resolving ip addresses and
port numbers)

just to make sure, smtp means port 25.

As your last line, put in a rule which logs all packets which don't get
affected by any of the rules, and monitor your adaptor using

tcpdump -i eth0

Finally check the other rulesets in iptables, e.g. nat (by iptables -t
nat -vnL) or just dump everything to the console using iptables-save.

Looking at all these, people might say more about smtp packets going
astray.

Mathias
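
An added example, not part of the original mail: a small shell audit of iptables-save output for the two points raised above, namely rules piling up because the chain was never flushed, and a final LOG rule on INPUT. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Print every rule that occurs more than once in the same table, with its count.
find_duplicate_rules() {
    awk '
        /^[*]/ { table = substr($0, 2); next }       # "*filter", "*nat", ...
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }            # drop iptables-save -c counters
        /^-A / {
            key = table ": " $0
            if (++seen[key] == 2) order[++n] = key   # record at the first repeat
        }
        END { for (i = 1; i <= n; i++) print seen[order[i]] "x " order[i] }
    '
}

# Exit 0 if the last rule of chain $1 in the filter table jumps to LOG, so
# packets matched by no earlier rule are recorded; exit 1 otherwise.
chain_ends_with_log() {
    awk -v chain="$1" '
        /^[*]/ { table = substr($0, 2); next }
        { sub(/^\[[0-9]+:[0-9]+\] /, "") }
        table == "filter" && $1 == "-A" && $2 == chain { last = $0 }
        END { exit (last ~ /-j LOG( |$)/) ? 0 : 1 }
    '
}

# Constructed sample: three rules re-added by repeated script runs without -F.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [1:102]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | find_duplicate_rules
sample_ruleset | chain_ends_with_log INPUT || echo "INPUT has no final LOG rule"
```

On a live system the same functions read real data: iptables-save | find_duplicate_rules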


