LinuxQuestions.org
06-18-2005, 06:01 AM   #1
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 924

Rep: Reputation: 43
Debian - IPTABLES


I have just started administering a Debian server. The previous admin left no documentation for the configuration of this system.
My knowledge of Slackware is good, but I have never used another distro.

This server is an MTA (on Postfix) for Exchange 2003. It is connected to the external net on eth0, and on eth1 it is connected directly to the Exchange server.
All I need to do at first is to block all incoming connections on eth0 (external net) on ports 21, 22, 23 (ftp, ssh, telnet).

In Slack it was easy. I could use IPTABLES and the entries below:

insmod ip_conntrack
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dport 21,22,23 -j DROP

But when I ran this on that Debian server I received errors:

insmod: ip_conntrack: no module by that name found
iptables v1.2.6a: can't initialize iptables table `filter': Table does not exist
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.2.6a: can't initialize iptables table `filter': Table does not exist
(do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

Does that mean that this server has no IPTABLES?
If not, then how can I install it?
Does anyone know the reason for this?

Does anyone have a description of how to configure an MTA (mail transport agent) on POSTFIX on SLACKWARE?
 
06-18-2005, 08:55 AM   #2
craigevil
Senior Member
 
Registered: Apr 2005
Location: OZ
Distribution: Debian Sid/RPIOS
Posts: 4,883
Blog Entries: 28

Rep: Reputation: 533
Sounds like you need to upgrade the kernel.

And iptables may not be installed. That is an easy fix: in a terminal/console/shell,
type apt-get install iptables. You might want to install webmin and webmin-firewall so you can access the control from the web.
 
06-18-2005, 09:46 AM   #3
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 924

Original Poster
Rep: Reputation: 43
In answer I received this:

Reading Package Lists... Done
Building Dependency Tree... Done
Sorry, iptables is already the newest version.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Correct me if I am wrong: that means IPTABLES is installed?
It would be good if I didn't have to upgrade the kernel - I have never done this before.

#edit
When I type "iptables" in the shell, I receive this:
iptables v1.2.6a: no command specified
Try `iptables -h' or 'iptables --help' for more information.

Looks like iptables is already in the system.

#edit 2
Where should I look for the iptables script in Debian?
In Slackware the default location is /etc/rc.d/rc.firewall

Last edited by czezz; 06-18-2005 at 09:52 AM.
 
06-18-2005, 01:55 PM   #4
Noth
Member
 
Registered: Jun 2005
Distribution: Debian
Posts: 356

Rep: Reputation: 30
What version of kernel and Debian are you using?
 
06-19-2005, 05:17 AM   #5
czezz
Member
 
Registered: Nov 2004
Distribution: Slackware/Solaris
Posts: 924

Original Poster
Rep: Reputation: 43
This is 2.4.24
 
06-19-2005, 08:36 PM   #6
larrysu
LQ Newbie
 
Registered: Jun 2005
Posts: 3

Rep: Reputation: 0
You can read the manual at /usr/share/doc/iptables/

vi /usr/share/doc/iptables/examples


You should:

1. mkdir /var/lib/iptables
2. Run your iptables commands or iptables script
3. /etc/init.d/iptables save active --> saves your iptables commands or script to the file "/var/lib/iptables/active"
4. /etc/init.d/iptables save inactive --> saves the Debian default stop iptables script to the file "/var/lib/iptables/inactive"

Then use "sysvconfig" to set the above iptables script to start at boot.

Sorry for my poor English.
 
06-20-2005, 05:07 AM   #7
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Sounds like the kernel wasn't built with netfilter support..

Have a look in /lib/modules/2.4.24/kernel/net/ipv4/netfilter for the netfilter modules. If they aren't there, you will need to install a better kernel.

Debian released a new version last month, so I suspect your update setup may cause problems if it is set to use stable packages.
Have a look in /etc/apt/sources.list and change the word stable to woody
then do apt-get update.
The list of servers in sources.list should look like..

deb ftp://ftp.pl.debian.org/debian woody main contrib non-free
#deb ftp://ftp.pl.debian.org/debian sarge main contrib non-free

deb http://security.debian.org/ woody/updates main contrib non-free
#deb http://security.debian.org/ sarge/updates main contrib non-free

Then do..
apt-get install kernel-image-2.4.18-bf2.4
This kernel number remains the same but the updates are the latest

You should have an older version of this already installed, but an updated copy is necessary.

Change /etc/lilo.conf to use this new image and then do lilo -v to write it to the drive, then reboot.

Postfix is an easy system to configure once you can understand the terminology. If you would like me to give it an initial look and setup, my gg number is 6245456
There are a lot of configuration items to consider that you can learn once it is running properly, and webmin is an excellent tool for that. Once it is running ok, it usually doesn't need to be touched for a very long time.

Last edited by peter_robb; 06-20-2005 at 05:09 AM.
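
Added example (not part of any post in this thread): a shell check for the diagnosis in post #7, reporting whether a kernel's module tree contains the netfilter modules that the three commands in post #1 rely on. The module list uses 2.4-series names, and the /boot/config-<version> path and all function names are assumptions of this example.

```shell
#!/bin/sh
# Modules the rules in post #1 rely on, by their 2.4-series names
# (assumption: later kernels renamed some, e.g. xt_state, nf_conntrack).
NF_REQUIRED="ip_tables iptable_filter ip_conntrack ipt_state ipt_multiport"

# missing_nf_modules MODROOT KVER
# Prints the required modules that have no file under
# MODROOT/KVER/kernel/net/ipv4/netfilter; returns 0 only if none are missing.
missing_nf_modules() {
    nfdir="$1/$2/kernel/net/ipv4/netfilter"
    missing=""
    for m in $NF_REQUIRED; do
        # 2.4 kernels ship modules as .o, 2.6 and later as .ko
        if [ ! -f "$nfdir/$m.o" ] && [ ! -f "$nfdir/$m.ko" ]; then
            missing="$missing${missing:+ }$m"
        fi
    done
    echo "$missing"
    [ -z "$missing" ]
}

# nf_builtin CONFIG
# Returns 0 if the kernel config says iptables and the filter table are
# compiled in (=y), in which case no module files are expected.
nf_builtin() {
    [ -r "$1" ] &&
    grep -q '^CONFIG_IP_NF_IPTABLES=y' "$1" &&
    grep -q '^CONFIG_IP_NF_FILTER=y' "$1"
}

# diagnose MODROOT KVER CONFIG  ->  prints modular | builtin | missing
diagnose() {
    if missing_nf_modules "$1" "$2" >/dev/null; then echo modular
    elif nf_builtin "$3"; then echo builtin
    else echo missing
    fi
}

# Live use on the running system: sh check_nf.sh --live
if [ "${1:-}" = "--live" ]; then
    kver=$(uname -r)
    echo "kernel $kver: $(diagnose /lib/modules "$kver" "/boot/config-$kver")"
    echo "not found as modules: $(missing_nf_modules /lib/modules "$kver" || true)"
fi
```

A result of "missing" matches the "Table does not exist" error in post #1: the iptables binary is installed, but the kernel has nothing for it to talk to.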
 
  

