09-26-2005, 11:04 AM   #1
Jukas
More firewall strangeness. Squirrelmail + OE


I previously had a problem with my iptables firewall letting M$ Outlook Express check mail via IMAP to my courier IMAP server. For some reason unless I commented out the rule to drop ICMP packets I couldn't check my email via OE. That thread is Here

Setting that aside, I'm having trouble getting Squirrelmail to access my mailboxes via IMAP. The documentation I've found online states:

I've pasted my firewall below. I started adding the equivalent udp port in case it was needing to send a udp packet for some reason. If I ssh into the box and iptables -F I can then log into squirrelmail just fine and see my email, so it's not a config issue with squirrelmail. However with my firewall enabled I see the following error when I try and log in:

Quote:
ERROR
Error connecting to IMAP server: xxx.xxx.xxx.xxx
110 : Connection timed out
Quote:
SquirrelMail Webmail
At this point, you should have a working IMAP server which will allow you to collect mail. For a lot of people, a natural progression is to add a webmail front-end. This has several advantages; users can use a consistent interface from anywhere in the world, and firewall administration is made much easier (you only need to open the firewall to the server on port 80, or 443 (https)).
Quote:
#!/bin/bash
#Change the part after the = to where your IPTABLES is on your system
IPTABLES=/sbin/iptables

#flush existing rules
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp
$IPTABLES -A INPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 783 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 783 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 6900:6910 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s 216.229.107.32 --dport 3306 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 80 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 110 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 143 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 443 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 783 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 783 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 993 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 993 -j ACCEPT
$IPTABLES -A INPUT -p tcp -j REJECT
#$IPTABLES -A INPUT -p ICMP -j DROP
$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP
Anyone have any ideas? This is driving me batty.
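
Added example (not part of the original post): a first-match walk over a condensed, constructed copy of the posted INPUT chain, showing which rule decides a given packet. It assumes Squirrelmail and the IMAP server run on the same host, so their traffic arrives on `lo`; the helper name `first_match`, port 40000 and the rule numbering of the condensed chain are illustrative.

```shell
# Constructed, condensed copy of the posted INPUT chain (order kept; the other
# --dport ACCEPT rules are left out because they behave like the 143 rule).
INPUT_CHAIN='
-j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
-j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
-j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp
-p tcp --dport 80 -j ACCEPT
-p tcp --dport 143 -j ACCEPT
-p tcp --dport 6900:6910 -j ACCEPT
-p tcp -j REJECT
-m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
-i ! lo -j DROP
'

# first_match IFACE PROTO DPORT STATE -> "<rule number> <target>", or
# "0 POLICY" when no terminating rule matches (hypothetical helper).
first_match() {
  local in_if=$1 proto=$2 dport=$3 state=$4 n=0 line ok target neg hit first last
  while read -r line; do
    [ -n "$line" ] || continue
    n=$((n + 1)); ok=1; target=""
    set -- $line                      # split the rule into its options
    while [ $# -gt 0 ]; do
      case $1 in
        -i) neg=0; hit=0              # old-style "-i ! lo" negation
            if [ "$2" = "!" ]; then neg=1; shift; fi
            if [ "$2" = "$in_if" ]; then hit=1; fi
            [ "$hit" != "$neg" ] || ok=0; shift ;;
        -p) [ "$2" = "$proto" ] || ok=0; shift ;;
        --state) [ "$2" = "$state" ] || ok=0; shift ;;
        --dport) first=${2%%:*}; last=${2##*:}
            { [ "$dport" -ge "$first" ] && [ "$dport" -le "$last" ]; } || ok=0
            shift ;;
        -j) target=$2; shift ;;
      esac
      shift
    done
    # LOG is non-terminating: a matching LOG rule does not end the walk.
    if [ "$ok" -eq 1 ] && [ "$target" != LOG ]; then
      echo "$n $target"; return 0
    fi
  done <<EOF
$INPUT_CHAIN
EOF
  echo "0 POLICY"
}
first_match lo tcp 143 NEW            # constructed: webmail's SYN to IMAP
first_match lo tcp 40000 ESTABLISHED  # constructed: IMAP reply on loopback
```

Under those assumptions the reply on `lo` falls past the eth0-only ESTABLISHED rules to the blanket tcp REJECT, while the same packet arriving on eth0 is accepted by the second rule.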
 
  

