iptables help requested
Hello,
I think iptables may be blocking SMTP. I cannot figure
out how. Could you tell me if I am correct and how I
can fix it?
Two NICs: eth0 is the LAN and eth1 is the WAN
Here are my iptables-save and iptables -L -n outputs:
# Generated by iptables-save v1.2.9 on Sun Sep 5 12:43:05 2004
*nat
:PREROUTING ACCEPT [17469:1368391]
:POSTROUTING ACCEPT [616:37414]
:OUTPUT ACCEPT [219:13008]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination <local_destination>
COMMIT
# Completed on Sun Sep 5 12:43:05 2004
# Generated by iptables-save v1.2.9 on Sun Sep 5 12:43:05 2004
*filter
:INPUT DROP [31:1836]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [23239:5177809]
-A INPUT -s 127.0.0.1 -i eth1 -j DROP
-A INPUT -d 127.0.0.1 -i eth1 -j DROP
-A INPUT -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
-A INPUT -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
-A INPUT -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -d 127.0.0.1 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 127.0.0.1 -i eth1 -j DROP
-A FORWARD -d 127.0.0.1 -i eth1 -j DROP
-A FORWARD -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
-A FORWARD -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
-A FORWARD -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
-A FORWARD -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
-A FORWARD -o eth1 -p udp -m udp --sport 137:139 -j DROP
-A FORWARD -s ! <local_network> -i eth0 -j DROP
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -o eth1 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s <allowed_ip_range> -i eth1 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 3389 -j LOG --log-prefix "RDT: " --log-level 6
-A OUTPUT -o eth1 -p tcp -m tcp --sport 137:139 -j DROP
-A OUTPUT -o eth1 -p udp -m udp --sport 137:139 -j DROP
-A OUTPUT -o eth1 -m state --state NEW -j ACCEPT
COMMIT
# Completed on Sun Sep 5 12:43:05 2004
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 127.0.0.1 0.0.0.0/0
DROP all -- 0.0.0.0/0 127.0.0.1
DROP all -- 192.168.0.0/16 0.0.0.0/0
DROP all -- 172.16.0.0/12 0.0.0.0/0
DROP all -- 10.0.0.0/8 0.0.0.0/0
ACCEPT all -- 127.0.0.1 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 127.0.0.1
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 127.0.0.1 0.0.0.0/0
DROP all -- 0.0.0.0/0 127.0.0.1
DROP all -- 192.168.0.0/16 0.0.0.0/0
DROP all -- 172.16.0.0/12 0.0.0.0/0
DROP all -- 10.0.0.0/8 0.0.0.0/0
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:137:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:137:139
DROP all -- !192.168.100.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- <allowed_ip_range> 0.0.0.0/0 tcp dpt:3389
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389 LOG flags 0 level 6 prefix `RDT: '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spts:137:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:137:139
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
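Added example, not part of the original post: iptables walks a chain top to bottom and the first rule with a terminating target decides the packet, so the posted INPUT chain can be traced offline for an SMTP connection addressed to the firewall itself. The packet values and the names rule_matches and trace are constructed for illustration; the nat table and real connection tracking are not modelled.

```python
import ipaddress

# INPUT chain copied from the iptables-save output in the post (wrapped lines rejoined).
INPUT_RULES = """\
-A INPUT -s 127.0.0.1 -i eth1 -j DROP
-A INPUT -d 127.0.0.1 -i eth1 -j DROP
-A INPUT -s 192.168.0.0/255.255.0.0 -i eth1 -j DROP
-A INPUT -s 172.16.0.0/255.240.0.0 -i eth1 -j DROP
-A INPUT -s 10.0.0.0/255.0.0.0 -i eth1 -j DROP
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -d 127.0.0.1 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""
POLICY = "DROP"  # from ":INPUT DROP" in the *filter table

def rule_matches(opts, pkt):
    """True if every match option on the rule agrees with the packet."""
    checks = {
        "-s": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v),
        "-d": lambda v: ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(v),
        "-i": lambda v: v == pkt["iface"],
        "-p": lambda v: v == pkt["proto"],
        "--dport": lambda v: int(v) == pkt.get("dport"),
        "--icmp-type": lambda v: int(v) == pkt.get("icmp_type"),
        "--state": lambda v: pkt["state"] in v.split(","),
    }
    return all(checks[k](v) for k, v in opts.items() if k in checks)

def trace(pkt):
    """Return (verdict, rule number, rule text) for the first matching rule."""
    for n, line in enumerate(INPUT_RULES.strip().splitlines(), 1):
        tok = line.split()
        opts = dict(zip(tok[2::2], tok[3::2]))  # every option here is a flag/value pair
        if rule_matches(opts, pkt):
            return opts["-j"], n, line
    return POLICY, None, "chain policy"

# Constructed packet: new SMTP connection arriving on the WAN interface.
SMTP_FROM_WAN = {"src": "203.0.113.7", "dst": "198.51.100.10", "iface": "eth1",
                 "proto": "tcp", "dport": 25, "state": "NEW"}

if __name__ == "__main__":
    print(trace(SMTP_FROM_WAN))
    print(trace({**SMTP_FROM_WAN, "src": "10.1.2.3"}))
```

Only the INPUT chain is traced here; mail relayed through the box to another host is decided by the FORWARD chain instead.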