LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-23-2010, 02:09 PM   #1
actiononline
LQ Newbie
 
Registered: Sep 2010
Posts: 1

Rep: Reputation: 0
POP3 through iptyables and ConfigServer Security & Firewall


Hi folks, let me explain my setup here. I have a Suse11 box with 2 network cards:
Eth1: 10.0.0.222
eth3 172.16.0.100
eth3:1 192.168.1.100
eth3:2 100.50.0.100
eth3:3 192.168.0.100

I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
 
Old 09-24-2010, 11:28 AM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux
Posts: 2,838
Blog Entries: 1

Rep: Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896Reputation: 896
Quote:
Originally Posted by actiononline View Post
Hi folks, let me explain my setup here. I have a Suse11 box with 2 network cards:
Eth1: 10.0.0.222
eth3 172.16.0.100
eth3:1 192.168.1.100
eth3:2 100.50.0.100
eth3:3 192.168.0.100

I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
Im not entirely sure what the question here is...
 
Old 09-24-2010, 12:01 PM   #3
kaushalpatel1982
Member
 
Registered: Aug 2007
Location: INDIA
Distribution: CentOS, RHEL, Fedora, Debian, Ubuntu, LinuxMint, PCLinuxOS
Posts: 137

Rep: Reputation: 7
show your iptables configuration. This will helps us to troubleshoot your problem. Till the time you can apply following firewall rules to allow mail traffic:

iptables -t nat -I POSTROUTING -p tcp --dport 110 -o <your internet interface> -j MASQUERADE
iptables -t nat -I POSTROUTING -p tcp --dport 25 -o <your internet interface> -j MASQUERADE
iptables -t nat -I POSTROUTING -p tcp --dport 995 -o <your internet interface> -j MASQUERADE

now check and save iptables.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Firewall blocking some POP3 requests Funky D Linux - Networking 5 09-23-2005 04:21 PM
POP3 Security lacerto Linux - Security 2 05-10-2005 08:08 AM
Pop3 access behind RH9 firewall Mental Skylight Linux - Newbie 4 12-02-2004 04:28 PM
Internet security - firewall & anti virus bobirt Linux - Security 2 12-20-2001 08:45 AM


All times are GMT -5. The time now is 07:28 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration