Re: Setting up mail server behind iptables firewall
On Thu, Aug 14, 2003 at 10:04:56AM -0700, Daniel L. Miller wrote:
> This is really getting frustrating - mainly because I don't really
> understand what I'm doing. Using a port scanner from an external
> webserver, it shows that ports 25, 80, and 10025 are all closed.
>
> What am I missing?
>
> Here's the iptables dump from both my firewall and my internal server.
>
> *** FIREWALL IPTABLES ***
>
> > iptables -n -v -L
> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
> 0 0 ACCEPT all -- * eth0 67.106.235.126 192.168.69.0/24
I _think_ the above rule is not necessary and maybe not valid. This is
your internet IP address, is it not? I believe your intent here is to
ACCEPT and pass email and http? I _believe_ you need to change the source
to 0.0.0.0/0 - well, really - probably replace this line altogether and
substitute lines with source 0.0.0.0/0 and dports 25 and 80. The source
for a packet would be wherever it originated, and not your email address.
From what I can gather, eth0 is your internal machine and eth1 is your
outside connection.
> 900 154K ACCEPT all -- * eth0 192.168.69.0/24 192.168.69.0/24
> 0 0 drop-and-log-it all -- * eth1 0.0.0.0/0 192.168.69.0/24
> 6 504 ACCEPT all -- * eth1 67.106.235.126 0.0.0.0/0
> 0 0 drop-and-log-it all -- * * 0.0.0.0/0 0.0.0.0/0
>
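An added example, not part of the original message or of either poster's configuration: a first-match walk over the OUTPUT rows quoted above, showing which row a packet hits depending on its source address. It models only the out-interface, source and destination columns of this one chain, not which chain netfilter hands a packet to; the client address 203.0.113.5, the outside host 198.51.100.7 and the inside host 192.168.69.10 are constructed.

```python
import ipaddress

# Rows copied from the quoted OUTPUT chain: (target, out_iface, source, destination).
OUTPUT_RULES = [
    ("ACCEPT", "lo", "0.0.0.0/0", "0.0.0.0/0"),
    ("ACCEPT", "eth0", "67.106.235.126", "192.168.69.0/24"),
    ("ACCEPT", "eth0", "192.168.69.0/24", "192.168.69.0/24"),
    ("drop-and-log-it", "eth1", "0.0.0.0/0", "192.168.69.0/24"),
    ("ACCEPT", "eth1", "67.106.235.126", "0.0.0.0/0"),
    ("drop-and-log-it", "*", "0.0.0.0/0", "0.0.0.0/0"),
]


def first_match(rules, out_iface, src, dst, policy="DROP"):
    """Return (rule_number, target) for the first row the packet matches.

    Falls back to (None, policy) when no row matches, as the chain policy would.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for number, (target, iface, source, destination) in enumerate(rules, 1):
        if iface not in ("*", out_iface):
            continue  # row is bound to a different outgoing interface
        if src_ip not in ipaddress.ip_network(source):
            continue  # source column does not cover this packet
        if dst_ip not in ipaddress.ip_network(destination):
            continue  # destination column does not cover this packet
        return number, target
    return None, policy


def demo():
    """Evaluate four constructed packets against the quoted rows."""
    packets = [
        ("eth0", "203.0.113.5", "192.168.69.10"),     # source is an outside client
        ("eth0", "67.106.235.126", "192.168.69.10"),  # source is the address in row 2
        ("eth0", "192.168.69.1", "192.168.69.10"),    # source is on the inside subnet
        ("eth1", "67.106.235.126", "198.51.100.7"),   # leaving on eth1 to an outside host
    ]
    return [first_match(OUTPUT_RULES, *p) for p in packets]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A packet whose source is the outside client falls through the row restricted to source 67.106.235.126 and lands on the final drop-and-log-it row, which is the source-matching point the reply makes.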