LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-28-2005, 04:58 PM   #1
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 257

Rep: Reputation: 36
Question newbie - firewall rule


Im using 2.4.19 kernel on 3.1
box is an internet gateway utilizing ipmasq.

after installing the firewalling scripts within ipmasq rules
i could no longer send emails from lan client machines.

after shouting at my isp a couple of times, i remembered about
the firewall rules in (iptables -t nat -L -v) and found the rule
below. i removed it, and now everything's fine.

can someone help me understand what this rule is supposed to do?
clearly it is intended to intercept traffic outbound to smtp server, but
im just not getting the why's, and the results.

I don't understand the target "redir ports 25"

(i would use another solution than ipmasq, but this is an old
pentium1 box without gui - i actually learn alot more by installing
and running stuff from the shell anyway)


Chain PREROUTING (policy ACCEPT 2 packets, 112 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- any any 192.168.0.0/24 anywhere tcp dpt:smtp redir ports 25

Thanks in Adv. for assist.
Danimal
 
Old 07-28-2005, 07:58 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
The REDIRECT target is used for intercepting/redirecting traffic and routing it to the firewall host. So that rule was intercepting all mail (smtp) traffic coming from the 192.168.0.0/24 network and rewriting the destination IP on the packets to that of the firewall host. The actual iptables rule itself probably looked like this:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 25 -j REDIRECT --to-port 25

which in english roughly equates to:
route traffic from 192.168.0.0/24 with a tcp destination port of 25 and send to localhost on port 25. Check out the following HOWTO section on the REDIRECT target and how it works:
http://iptables-tutorial.frozentux.n...REDIRECTTARGET

Last edited by Capt_Caveman; 07-28-2005 at 08:02 PM.
 
Old 07-28-2005, 08:20 PM   #3
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 257

Original Poster
Rep: Reputation: 36
Thanks Captain..

That makes sense canonically for sure...

But why would that rule be there? I suppose the localhost in that case should
be running a mail server for it to work. But what would be the reason for
a rule forcing that path???; after all, every OTHER type of traffic on the LAN is NATing
straight thru to wherever it wants to go. Is it common to re-route smtp traffic this way?

just curious, and really - i appreciate your input. I have read a few tutorials
on iptables and i've tried to decipher some firewall scripts; im so new (4mos)
it just takes awhile to digest it all.

Thanks again!
Danimal
 
Old 07-30-2005, 07:25 AM   #4
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
hmm.. if smtp traffic routed to localhost u must have a working MTA on linux. but it is better idea to redirect pop3 port also. u need to setup local MTA and get users mail from your ISP by fetchmail or similiar program. so local MTA can check incoming outgoing mails for viruses and spams.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall question - stumped by 1 rule! thekillerbean Linux - Networking 4 08-27-2005 01:59 AM
funny new firewall rule tom_from_van Linux - Security 3 07-19-2005 11:39 AM
APF Firewall Rule Help embsupafly Linux - Security 1 03-08-2005 11:00 PM
is this firewall rule safe? melinda_sayang Linux - Security 1 12-21-2004 07:44 AM
Need A Firewall Rule linuxboy69 Linux - Software 1 11-26-2003 04:29 PM


All times are GMT -5. The time now is 01:16 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration