LinuxQuestions.org
Old 10-25-2005, 01:48 AM   #1
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
Iptables problem with Mail server


I have two servers running Linux. Server A is a SAMBA domain controller and Server B is a MAIL server (qmail).
My Server A has two NICs: one to my ISP (172.16.57.188/30) and the other to my LAN (172.16.19.0/24).

Server A LAN IP = 172.16.19.230
Server A ISP IP = 172.16.57.190

Server B IP = 172.16.19.231
Server B also has a dial up option for backup if ISP is down

I have attached my iptables script.
http://s59.yousendit.com/d.aspx?id=0...F23Y94C8R092VF

If I set the default INPUT policy to DROP, then incoming mail stops coming.

I add a rule at the end of the script:
ipt -A INPUT -s 0/0 -d $LAN_IP -j REJECT

The above rule will also block nmap port scans.

I am not a pro in iptables. I just know scripting and adding intermediate-level rules. Please let me know how to fix this.

Thanks

Last edited by ~=gr3p=~; 10-25-2005 at 01:49 AM.
 
Old 10-25-2005, 05:31 AM   #2
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Original Poster
Rep: Reputation: 30
OK, I fixed the problem, thank you.
 
Old 10-25-2005, 11:56 AM   #3
jonaskoelker
Senior Member
 
Registered: Jul 2004
Location: Denmark
Distribution: Ubuntu, Debian
Posts: 1,524

Rep: Reputation: 46
You're welcome :P

I consider it good form to outline exactly how you fixed it. As a good example, have a look at http://www.linuxquestions.org/questi...readid=353843&

--Jonas
 
Old 10-25-2005, 10:28 PM   #4
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Original Poster
Rep: Reputation: 30
I added this rule and it worked, though now all incoming connections from the mail server are allowed, which I actually do not want. Anyway, this will be live till I get it more tuned:

ipt -A INPUT -s 172.16.19.231 -d 172.16.19.230 -p tcp -m tcp -j LOG --log-prefix "INPUT_DAKYA_MAIL: "
ipt -A INPUT -s 172.16.19.231 -d 172.16.19.230 -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

We are using SUSE Enterprise Server 9.

Last edited by ~=gr3p=~; 10-25-2005 at 10:29 PM.
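
Added example, not part of the thread or the poster's script: one way to tighten the rule from post #4 so that Server B can open new connections only to named ports on Server A, while reply traffic still gets through a default-DROP INPUT policy. The addresses are the ones given in the thread; the ipt() wrapper, the MAIL_PORTS value and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example. Addresses come from the thread; everything marked
# "assumption" must be adapted to the real setup.
LAN_IP=172.16.19.230     # Server A, LAN side
MAIL_IP=172.16.19.231    # Server B, qmail
MAIL_PORTS="25"          # assumption: ports on A that B may open connections to

DRY_RUN=${DRY_RUN:-1}    # 1 = only print the commands, 0 = apply them (needs root)

# Hypothetical stand-in for the "ipt" helper used in the poster's script.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

mail_input_rules() {
    # Replies to connections Server A itself opened. Without this rule a
    # default-DROP INPUT policy discards the answers to A's own traffic.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connections from B: only to the listed ports, and only if the
    # first packet is a real SYN.
    for port in $MAIL_PORTS; do
        ipt -A INPUT -s "$MAIL_IP" -d "$LAN_IP" -p tcp --dport "$port" \
            --syn -m state --state NEW -j ACCEPT
    done

    # Anything else B sends to A over TCP: log it (rate-limited), then
    # refuse it, so the ports that are still missing show up in the log.
    ipt -A INPUT -s "$MAIL_IP" -d "$LAN_IP" -p tcp -m limit --limit 5/min \
        -j LOG --log-prefix "INPUT_MAIL_DENY: "
    ipt -A INPUT -s "$MAIL_IP" -d "$LAN_IP" -p tcp -j REJECT --reject-with tcp-reset
}

mail_input_rules
```

Run as-is, it prints the four commands; with DRY_RUN=0 it applies them, and the denied-traffic log entries show which ports still need adding to MAIL_PORTS.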
 
  

