
Re: Setting up mail server behind iptables firewall



On Thu, Aug 14, 2003 at 10:04:56AM -0700, Daniel L. Miller wrote:
> This is really getting frustrating - mainly because I don't really
> understand what I'm doing.  Using a port scanner from an external
> webserver, it shows that ports 25, 80, and 10025 are all closed.
> 
> What am I missing?
> 
> Here's the iptables dump from both my firewall and my internal server.
> 
> *** FIREWALL IPTABLES ***
> 
> > iptables -n -v -L

> Chain OUTPUT (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     all  --  *      eth0    67.106.235.126       192.168.69.0/24

I _think_ the above rule is not necessary and maybe not valid. This is
your internet IP address, is it not?  I believe your intent here is to
ACCEPT and pass email and http?  I _believe_ you need to change the source
to 0.0.0.0/0 - well, really - probably replace this line altogether and
substitute lines with source 0.0.0.0/0 and dports 25 and 80.  The source
for a packet would be wherever it originated, and not your email address.
From what I can gather, eth0 is your internal machine and eth1 is your
outside connection.

>   900  154K ACCEPT     all  --  *      eth0    192.168.69.0/24      192.168.69.0/24
>     0     0 drop-and-log-it  all  --  *      eth1    0.0.0.0/0            192.168.69.0/24
>     6   504 ACCEPT     all  --  *      eth1    67.106.235.126       0.0.0.0/0
>     0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0
> 
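
Added example, not part of the original message or thread: a first-match walk over the OUTPUT chain quoted above, showing which rule a given locally generated packet hits. The function names and the sample addresses 192.168.69.1, 192.168.69.10 and 198.51.100.7 are constructed for illustration.

```python
import ipaddress

# OUTPUT chain rows as quoted in the message, with wrapped lines rejoined.
OUTPUT_CHAIN = """\
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      eth0    67.106.235.126       192.168.69.0/24
  900  154K ACCEPT     all  --  *      eth0    192.168.69.0/24      192.168.69.0/24
    0     0 drop-and-log-it  all  --  *      eth1    0.0.0.0/0            192.168.69.0/24
    6   504 ACCEPT     all  --  *      eth1    67.106.235.126       0.0.0.0/0
    0     0 drop-and-log-it  all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

def parse_rules(text):
    """Parse `iptables -n -v -L` rule rows into dicts."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # skip "Chain ..." headers, column titles, blank lines
        rules.append({
            "pkts": f[0], "target": f[2], "prot": f[3], "out": f[6],
            "src": ipaddress.ip_network(f[7]),   # bare address parses as /32
            "dst": ipaddress.ip_network(f[8]),
        })
    return rules

def first_match(rules, out_iface, src, dst):
    """Return (1-based position, target) of the first rule the packet matches.

    OUTPUT only sees packets generated on the firewall itself; forwarded
    traffic is checked against FORWARD instead. Every rule quoted here is
    prot "all" with no extra matches, so ports never enter the decision.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, r in enumerate(rules, 1):
        if r["out"] in ("*", out_iface) and src in r["src"] and dst in r["dst"]:
            return n, r["target"]
    return None, "DROP"  # fell through: the chain policy shown in the dump

if __name__ == "__main__":
    rules = parse_rules(OUTPUT_CHAIN)
    # Constructed packets: (outgoing interface, source, destination)
    for pkt in [("eth0", "67.106.235.126", "192.168.69.10"),
                ("eth0", "192.168.69.1", "192.168.69.10"),
                ("eth1", "67.106.235.126", "198.51.100.7"),
                ("eth1", "192.168.69.1", "198.51.100.7")]:
        print(pkt, "->", first_match(rules, *pkt))
```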


