Old 01-31-2008, 01:05 AM   #1
vedang
Member
 
Registered: May 2006
Posts: 89

Rep: Reputation: 15
want to get SMTP and POP3 working through iptables.


I have a newly configured RHEL4 machine to work as a firewall and Proxy. Squid proxy is working just fine with all applications.

I have an ADSL router with a static WAN IP; the LAN IP of the router is 172.16.0.1.
The LAN IP is connected to the external interface of the gateway/firewall machine (on which I have configured squid and iptables), whose IP is 172.16.0.3.
The internal interface of the gateway machine is 192.168.0.114.
I have a sendmail server with IP 192.168.0.113 which sends mail to the external SMTP server 65.99.240.35 and uses fetchmail with the POP3 protocol to fetch mail from that same external server.
I have Winproxy currently working with no problems and I want to shift to iptables.

I tried the following commands, which did not work. I am a beginner with iptables.

/sbin/iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

#Port Forward SMTP to the mailserver

/sbin/iptables -t nat -A PREROUTING -p tcp -d 172.16.0.1 --dport 25 -j DNAT --to-destination 192.168.0.113:25
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.113 --dport 25 -j ACCEPT

#SNAT for port 25 and 110

/sbin/iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.113 --dport 25 -o eth1 -j SNAT --to-source 172.16.0.1
/sbin/iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/21 --dport 110 -o eth1 -j SNAT --to-source 172.16.0.1


Please help me to get this problem solved.
 
Old 01-31-2008, 04:32 AM   #2
Simon Bridge
Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 197
From what you have shown us, I'd want to have a look at the order your rules are applied.
The environment that your rules live in can be important, e.g.:
Is the gateway managed by port forwarding or as a bridge?
Do you use default drop policies?
Do you accept incoming established or related packets?
Do you filter outgoing packets?

Some examples...
http://www.linuxquestions.org/questi...opsmtp-117588/
http://www200.pair.com/mecham/spam/d...-firewall.html
http://oceanpark.com/notes/firewall_example.html

Your rules suggest that you expect new incoming smtp connections "unannounced"... doesn't the mail-server have to request these from the external mail-server?
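
The points raised in this reply (default drop policy, accepting established/related packets, and whether new inbound SMTP is needed at all) worked into an outbound-only ruleset, as an added example that is not part of any post in this thread. Addresses are the ones the original poster gave; the interface names, and the SSH and Squid ports on the INPUT chain, are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset;
# review the output, then load it with: mail_gateway_rules | iptables-restore
MAIL_HOST=192.168.0.113   # internal sendmail/fetchmail machine (from the post)
EXT_MAIL=65.99.240.35     # external SMTP/POP3 server (from the post)
GW_EXT_IP=172.16.0.3      # gateway's own external address (from the post)
LAN_IF=eth0               # assumption: internal interface
WAN_IF=eth1               # assumption: external interface, as in the post's "-o eth1"

mail_gateway_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that were already allowed
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Assumption: SSH (22) and Squid (3128) are reached from the LAN side only
-A INPUT -i $LAN_IF -p tcp -m multiport --dports 22,3128 -m state --state NEW -j ACCEPT
# Only the mail host may open SMTP/POP3, and only to the external server.
# No DNAT and no inbound port 25: sendmail and fetchmail both connect outwards.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $MAIL_HOST -d $EXT_MAIL -p tcp -m multiport --dports 25,110 -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# SNAT to an address the gateway itself owns, so the router returns replies here
-A POSTROUTING -o $WAN_IF -s $MAIL_HOST -d $EXT_MAIL -p tcp -m multiport --dports 25,110 -j SNAT --to-source $GW_EXT_IP
COMMIT
EOF
}
```

IP forwarding also has to be enabled on the gateway (`net.ipv4.ip_forward = 1`) before any FORWARD rule has an effect.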
 
Old 01-31-2008, 05:54 AM   #3
vedang
Member
 
Registered: May 2006
Posts: 89

Original Poster
Rep: Reputation: 15
SMTP and POP3 through iptables

I am totally unaware of the questions you are asking.

I have started learning iptables. I am totally new to iptables.
The rules I have implemented are from a book, which I tried to mould as per my network.

Can you provide me iptables rules for this network?


Also, it will be a great help if you can tell me how to start learning iptables from scratch.
 
Old 01-31-2008, 06:12 AM   #4
dyasny
Member
 
Registered: Dec 2007
Location: Canada
Distribution: RHEL,Fedora
Posts: 849

Rep: Reputation: 91
iptablesrocks.org

have a look
 
Old 02-01-2008, 01:46 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,688

Rep: Reputation: Disabled
This is the guide:

http://iptables.rlworkman.net/iptables-tutorial.html

And it is really, really good.
 
Old 02-01-2008, 08:56 AM   #6
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 231
I would have said "This is the guide: ..."
No argument from me; Oskar Andreasson has been the iptables tutorial guru for years.

Thanks Simon & dyasny for the other links, they look interesting, too.

vedang,
I hope you learn quickly & can afford down time due to mistakes -- it sounds like you're taking on a major educational experience. Good Luck.
 
Old 02-01-2008, 09:16 AM   #7
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,688

Rep: Reputation: Disabled
Right you are. Comes from hurrying out answers. Everybody please take note: This is the guide... as archtoad6 rightly pointed out.

 
  

