Linux - Security (LinuxQuestions.org): This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
05-21-2011, 08:02 AM | #1 | LQ Newbie (Registered: May 2011, Posts: 2)
iptables rules
I installed a mail server with postfix+dovecot+roundcube and I added iptables rules to allow the 80, 443, smtp, smtps, imap, imaps, pop3 and pop3s ports to all of our internal users. Now I would like to put this mail server in the DMZ zone of the firewall to make it a global mail server.
And I would like to allow only web access to external users; that means only ports 80 and 443 need to be opened for external users.
For our internal users, I want to allow the 80, 443, smtp, imap and pop3 ports.
Please tell me how to write iptables rules for this.
thanks and regards
uma shanker p.
05-21-2011, 08:08 AM | #2 | Moderator (Registered: Jun 2001, Location: UK, Distribution: Gentoo, RHEL, Fedora, Centos, Posts: 43,417)
Well, you've already got some rules, so the best thing is to show us what you already have, and we can rewrite or add to them. I don't really see why you need help with this though if you've already done it once...
05-24-2011, 02:30 AM | #3 | LQ Newbie, Original Poster (Registered: May 2011, Posts: 2)
My iptables rules
I am herewith sending my iptables rules as an attachment.
05-24-2011, 05:36 AM | #4 | Senior Member (Registered: Mar 2003, Location: Brisbane Queensland Australia, Distribution: Custom Debian Live ISO's, Posts: 1,291)
Are you wanting to add iptables rules on the mail server, or on the firewall? If you're putting the mail server in the DMZ zone of the firewall, you will need to set up port forwarding on the firewall to direct the traffic to the mail server on the DMZ network. For this we will need to know what sort of device your firewall is: is it a modem, or another computer with Linux/Unix on it?
05-24-2011, 05:42 AM | #5 | Moderator (Registered: Jun 2001, Location: UK, Distribution: Gentoo, RHEL, Fedora, Centos, Posts: 43,417)
Notwithstanding the query above, if this is all you genuinely need to do then...
Code:
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,10000 -j ACCEPT
# Loop device.
-A INPUT -i lo -j ACCEPT
can change to
Code:
# Web (HTTP/HTTPS): open to everyone, external users included.
-A INPUT -p tcp -m multiport --dport 80,443 -m state --state NEW -j ACCEPT
# Mail ports plus 22 and 10000: only from the internal network.
-A INPUT -p tcp -s 10.0.0.0/8 -m multiport --dport 25,465,110,995,143,993,587,465,22,10000 -m state --state NEW -j ACCEPT
# Loop device.
-A INPUT -i lo -j ACCEPT
assuming that your private network is within 10.0.0.0/8
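As an added example (not code from this thread), here is a complete iptables-restore ruleset in the same spirit as the rewrite above, assuming a host with no other rules: a default DROP policy, the ESTABLISHED,RELATED rule that return traffic needs, web ports open to all, and the mail ports restricted to a caller-supplied internal network. The function name `mail_dmz_rules` and the rate-limited LOG rule are my additions.

```shell
#!/bin/sh
# Emit a complete iptables-restore ruleset for a DMZ mail host:
# web ports open to everyone, mail ports (plus 22 and 10000, as in the
# original rules) only from the internal network given as $1 in CIDR form.
# Usage: mail_dmz_rules 10.0.0.0/8 > /etc/iptables.rules
#        iptables-restore < /etc/iptables.rules
mail_dmz_rules() {
    internal="$1"
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host itself opened.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Webmail (HTTP/HTTPS): reachable by everyone, external users included.
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# SMTP, SMTPS, submission, POP3(S), IMAP(S), SSH and port 10000: internal only.
-A INPUT -p tcp -s ${internal} -m multiport --dports 25,465,587,110,995,143,993,22,10000 -m state --state NEW -j ACCEPT
# Anything else is logged (rate-limited) and then dropped by the chain policy.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables drop: "
COMMIT
EOF
}
```

Check the generated file with `iptables-restore --test` before loading it. If this host is meant to receive Internet mail directly, port 25 must also be reachable from outside, which the requirements in the original question do not allow for.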