LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-19-2009, 05:26 AM   #1
varun2109
LQ Newbie
 
Registered: Apr 2008
Posts: 27

Rep: Reputation: 15
Blocking Port 25 On Proxy Server!!!


Hi everyone,

This is varun here,
i am using a proxy server 172.20.x.x,
how do i block port 25 on this server so that anyone from ip range 172.20.x.x cannot access via telnet,etc.using this port.

Please help.

Thanks!
 
Old 08-19-2009, 05:29 AM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hello,

What proxy are you using? Do you have iptables installed/configured?

Kind regards,

Eric
 
Old 08-19-2009, 05:30 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
If it is a proxy then it would be giving access in the first place without running an smtp proxy on that port, which is unlikely if you don't already know. so you'd need to be routing, not proxying, the traffic on it, and that would be where firewalls, including iptables / netfilter would be used to block traffic.
 
Old 08-19-2009, 05:38 AM   #4
varun2109
LQ Newbie
 
Registered: Apr 2008
Posts: 27

Original Poster
Rep: Reputation: 15
Yes i have iptables installed and configured however i am not able to block the port may be i am not putting the command right!

eg. iptables -A INPUT -s 172.20.x.x/20 -d proxyserver -p TCP --dport 25

i also tried;
iptables -A FORWARD -s 172.20.x.x/20 -d proxyserver -p TCP --dport 25

Please HELP!!!
 
Old 08-19-2009, 05:59 AM   #5
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
iptables -A INPUT -s 172.20.0.0 -p tcp -dport 25 -j DROP

That should block all traffic on port 25 from 172.20.0.0 network. But do you want to block all access to that port?

Kind regards,

Eric
 
Old 08-19-2009, 06:05 AM   #6
varun2109
LQ Newbie
 
Registered: Apr 2008
Posts: 27

Original Poster
Rep: Reputation: 15
yes i want to block all except my internal lan??
 
Old 08-19-2009, 06:11 AM   #7
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Ah ok, all except your internal LAN, sorry for the misunderstanding
Code:
iptables -A INPUT -s !172.20.0.0 -p tcp -dport 25 -j DROP
That should drop all access to port 25 from any source that is not 172.20.0.0.

Kind regards,

Eric
 
Old 08-19-2009, 06:21 AM   #8
varun2109
LQ Newbie
 
Registered: Apr 2008
Posts: 27

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by EricTRA View Post
Ah ok, all except your internal LAN, sorry for the misunderstanding
Code:
iptables -A INPUT -s !172.20.0.0 -p tcp -dport 25 -j DROP
That should drop all access to port 25 from any source that is not 172.20.0.0.

Kind regards,

Eric


i did it but when i tried this,
telnet 172.20.x.x 25
it connected,it is giving access via telnet on port 25 i want to stop that too?
 
Old 08-19-2009, 06:33 AM   #9
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Are you on the same LAN or one of the subnets? I assume you are if you can connect.

Kind regards,

Eric
 
Old 08-19-2009, 06:42 AM   #10
varun2109
LQ Newbie
 
Registered: Apr 2008
Posts: 27

Original Poster
Rep: Reputation: 15
Yes i am on the same lan but i want to stop access via telnet on port 25.
 
Old 08-19-2009, 06:52 AM   #11
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Sorry but now your confusing me a lot. In your original post you state
Quote:
how do i block port 25 on this server so that anyone from ip range 172.20.x.x cannot access via telnet,etc.using this port.
To which I gave you
Code:
iptables -A INPUT -s 172.20.0.0 -p tcp -dport 25 -j DROP
as a solution to block all traffic from your LAN on port 25.

Following you said
Quote:
yes i want to block all except my internal lan??
Today 12:59 PM
so the rule changed to
Code:
iptables -A INPUT -s !172.20.0.0 -p tcp -dport 25 -j DROP
that blocks all traffic except from your LAN.

And now you change your mind again to blocking all access from your LAN?

Could you PLEASE state what exactly you want to do:
1. block access to port 25 from anywhere
2. block access to port 25 from anywhere except your LAN
3. block access to port 25 ONLY from your LAN
4. something else??

Kind regards,

Eric
 
Old 08-19-2009, 07:29 AM   #12
varun2109
LQ Newbie
 
Registered: Apr 2008
Posts: 27

Original Poster
Rep: Reputation: 15
sorry for the misunderstanding..

i want to;
1. block access to port 25 from anywhere


Thanks,
 
Old 08-19-2009, 07:32 AM   #13
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
No worries.

Try this
Code:
iptables -A INPUT -p tcp -dport 25 -j DROP
Kind regards,

Eric
 
Old 08-19-2009, 07:44 AM   #14
varun2109
LQ Newbie
 
Registered: Apr 2008
Posts: 27

Original Poster
Rep: Reputation: 15
its not working??
 
Old 08-19-2009, 08:53 PM   #15
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
You have to restart iptables for it to take effect. If it works, you also have to save the iptables settings, otherwise a reboot will revert to the original settings.

Note also that if you want to 'block' access to port 25 from 'anywhere', then you don't need iptables, you just don't run a server (presumably mailserver eg sendmail) on port 25; no server listening on port 25 = no way to connect on port 25, regardless of iptables.

HTH
 
  


Reply

Tags
blocking, port, smtp


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
linux Proxy server and https sites blocking Ammad Linux - Server 1 08-19-2009 10:26 PM
iptables -- Transparent Proxy with port blocking. rahuljethwa Linux - Networking 1 12-17-2008 12:38 AM
VNCServer help: proxy not blocking the port, but VNC still not coming through MikeOfAustin Linux - Software 3 05-09-2008 02:33 PM
Blocking websites in squid proxy server. crackerB Linux - Software 1 10-18-2006 02:44 AM
Proxy server flodded by requests on port 53 & port 25 saurabh_sahni Linux - Networking 1 04-26-2005 03:01 PM


All times are GMT -5. The time now is 11:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration