Hello, I have 1 computer that serves as a router. It has 2 NICs, one that comes from the cable modem and the other to a switch. The server is a DHCP server, DNS and also a router. All that is OK; I can browse on the other PCs with DHCP. Now... I also set up a mail server using CommuniGate (send mails seem to be too hard for me). I'm using the trial version that puts a header on all the messages...
And I have this firewall setup:
--------------------------------------------------------------------------------------------------
#!/bin/sh
#
# initialize firewall
#
echo Flushing old firewall settings
iptables -F
echo Starting firewall...
#DHCP Internet and Connection Sharing Script
# Use Ports as 22 [ssh]
# /sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# /sbin/iptables -A INPUT -p tcp --dport 1400 -j ACCEPT
/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 555 -j DNAT --to 192.168.0.2:555
/sbin/iptables -A PREROUTING -t nat -p udp -i eth0 --dport 555 -j DNAT --to 192.168.0.2:555
/sbin/iptables -A FORWARD -p tcp --destination-port 555 -j ACCEPT
/sbin/iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 411 -j DNAT --to 192.168.0.2:411
/sbin/iptables -A FORWARD -p tcp --destination-port 411 -j ACCEPT
#localhost 127.0.0.1 and icmp
/sbin/iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
/sbin/iptables -A FORWARD -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
/sbin/iptables -A OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#Net Sharing
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -j LOG --log-level 4 --log-prefix "ATTACK"
/sbin/iptables -A INPUT -i eth0 -j DROP
#Add your additional rule here
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
# Some output
echo Firewall loaded
iptables -L
----------------------------------------------------------------------------------------------------
Flushing old firewall settings
Starting firewall...
Firewall loaded
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- localhost localhost
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning prefix `ATTACK'
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:555
ACCEPT tcp -- anywhere anywhere tcp dpt:411
ACCEPT all -- localhost localhost
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- localhost localhost
ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED
Chain tcp_packets (0 references)
target prot opt source destination
----------------------------------------------------------------------------------------------------
Now my question is... when I start the firewall I can't receive any mail. I've tried
iptables -A INPUT -p tcp --sport 25 -j ACCEPT
and
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
no go...
So what I need is to set up a line in the firewall that allows me to send and receive email, without losing all the other functions like DHCP or NAT, stuff like that...
Thanks in advance
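The following is an added example, not part of the original post: a simplified Python model of first-match evaluation on the INPUT chain listed above, showing what happens to a new inbound SMTP connection depending on where a port 25 rule sits. It assumes the mail server runs on the router itself, that mail arrives on eth0, and that the two rules tried were appended after the script had loaded; the packets and the `insert_before_log` helper are constructed for illustration.

```python
# Simplified first-match model of the INPUT chain (not iptables itself).
ESTAB = frozenset({"ESTABLISHED", "RELATED"})

# INPUT rules in the order the posted script appends them.
INPUT = [
    ({"src": "127.0.0.1", "dst": "127.0.0.1"}, "ACCEPT"),
    ({"proto": "icmp", "state": ESTAB}, "ACCEPT"),
    ({"state": ESTAB}, "ACCEPT"),
    ({}, "LOG"),                       # logs every packet that reaches it
    ({"iif": "eth0"}, "DROP"),
]
# The two rules tried in the post.
SMTP_DPORT = ({"proto": "tcp", "dport": 25}, "ACCEPT")
SMTP_SPORT = ({"proto": "tcp", "sport": 25}, "ACCEPT")

def matches(match, pkt):
    """A rule matches when every field it names agrees with the packet."""
    for field, want in match.items():
        have = pkt.get(field)
        ok = have in want if isinstance(want, frozenset) else have == want
        if not ok:
            return False
    return True

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the first terminating target that matches; LOG does not terminate."""
    for match, target in chain:
        if target != "LOG" and matches(match, pkt):
            return target
    return policy

def insert_before_log(chain, rule):
    """Hypothetical helper: place a rule ahead of LOG/DROP, as `iptables -I INPUT <n>` would."""
    i = next(n for n, (_, target) in enumerate(chain) if target == "LOG")
    return chain[:i] + [rule] + chain[i:]

# Constructed sample packets (documentation address ranges).
NEW_SMTP_IN = {"iif": "eth0", "proto": "tcp", "src": "203.0.113.10",
               "dst": "198.51.100.5", "sport": 40000, "dport": 25, "state": "NEW"}
SMTP_REPLY = dict(NEW_SMTP_IN, sport=25, dport=40001, state="ESTABLISHED")

if __name__ == "__main__":
    print("appended --dport 25:", verdict(INPUT + [SMTP_DPORT], NEW_SMTP_IN))
    print("appended --sport 25:", verdict(INPUT + [SMTP_SPORT], NEW_SMTP_IN))
    print("--dport 25 before LOG:", verdict(insert_before_log(INPUT, SMTP_DPORT), NEW_SMTP_IN))
    print("--sport 25 before LOG:", verdict(insert_before_log(INPUT, SMTP_SPORT), NEW_SMTP_IN))
    print("reply to outbound mail:", verdict(INPUT, SMTP_REPLY))
```

On a live system, `iptables -L INPUT -n -v --line-numbers` shows the actual rule order and per-rule packet counters, which is the direct way to confirm whether a rule is ever reached.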