To open a port you need to have something listen on it. That's not something iptables does. If, OTOH, what you mean is "How do I allow packets with a certain destination port?" or similar, an example could be:
To open those ports you need to start a daemon which listens on them. Simply creating iptables rules for those ports won't open them - they will still be closed unless something is actually listening on them. As for the iptables rules to allow packets with those destination ports, just change the 123 in my example to 110, then execute a second command with a 25 instead of a 123. Like:
Code:
iptables -A INPUT -p TCP --dport 110 -j ACCEPT
iptables -A INPUT -p TCP --dport 25 -j ACCEPT
There's also a multiport match module you can use if you wanna knock it all out in one command. Example:
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 264 packets, 29987 bytes)
num pkts bytes target prot opt in out source destination
This is now the output.
Thanks.
That doesn't change anything. Like I said, the packets were already being allowed. You only need to mess with iptables if you're looking to add certain restrictions, which isn't the case here AFAICT.
There's no problem AFAICT. You were looking for iptables commands to allow you to use ports 110 and 25. After posting your iptables configuration, it became evident that you don't need any iptables rules to allow access to those ports, since you have no current rules preventing access to them. In other words, iptables will by default refrain from doing any packet filtering, so unless you've changed the default configuration (which apparently you haven't) there really isn't anything for you to do unless you want to start doing packet filtering.
You've got daemons listening on 110 and 25. You've got iptables configured to allow all packets. You're pretty much set as far as your stated desires are. We're here to help if you decide to implement some filtering but as far as your question is concerned there honestly isn't anything to do. Perhaps you can explain what exactly you're having trouble with? Is it that you can't connect to the daemons from a remote box? If so, please provide a description of the setup, both physically (switches, routers, etc.) and logically (IP configurations, etc.), as well as the troubleshooting steps you've taken thus far (and the results).
Router:222.127.x.x
|
Firewall is Pfsense:192.168.101.1
|
email server: 192.168.101.5
Pardon my description, honestly I don't know how to.
Okay, but you haven't really told us what the problem is. Is it that you're unable to see the ports as being open from the WAN side of 222.127.x.x? How are you verifying? That could be an issue with 222.127.x.x and/or 192.168.101.1 (mis-configured port forwarding, for example). As for 192.168.101.5, we know the daemons are listening and the firewall is disabled, so the only other basic thing to check would be the IP configuration. We can have a look if you post the output of:
Code:
route -n
Code:
ifconfig
BTW, I'm moving this to Networking for more adequate exposure.
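The distinction drawn in this thread (a port is open only when a daemon listens on it, while iptables only decides whether packets get through) is visible from the connecting side. The following is an added example, not code from any post in the thread; `probe` and `demo` are hypothetical names, and a loopback listener stands in for the mail daemon.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify a TCP port as seen from the connecting side."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"         # handshake completed: a daemon is listening
    except ConnectionRefusedError:
        # RST came back: packets reached the host but nothing listens there
        # (a REJECT rule that sends tcp-reset looks the same from outside).
        return "closed"
    except socket.timeout:
        # No reply at all: dropped by a filter, or never forwarded to the host.
        return "filtered"
    except OSError:
        return "unreachable"  # e.g. no route to host
    finally:
        s.close()

def demo():
    """Probe one loopback port with and without a listener (constructed setup)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    with_daemon = probe("127.0.0.1", port)
    listener.close()                  # "stop the daemon"; no firewall change
    without_daemon = probe("127.0.0.1", port)
    return with_daemon, without_daemon

if __name__ == "__main__":
    print(demo())
```

A `closed` result points at the daemon on the server itself; a `filtered` result points at something in the path, such as packet filtering or port forwarding.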