LinuxQuestions.org
Old 05-21-2011, 08:02 AM   #1
umashanker_p28
LQ Newbie
 
Registered: May 2011
Posts: 2

Rep: Reputation: Disabled
IP table rules


I installed a mail server with postfix+dovecot+roundcube and I added iptables rules to allow the 80, 443, smtp, smtps, imap, imaps, pop3 and pop3s ports for all of our internal users. Now I would like to put this mail server in the DMZ zone of the firewall to make it a global mail server.
And I would like to allow only web access to external users. That means only ports 80 and 443 need to be opened for external users.
For our internal users, I want to allow the 80, 443, smtp, imap and pop3 ports.
Please tell me how to write iptables rules for this.

thanks and regards
uma shanker p.
 
Old 05-21-2011, 08:08 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Well, you've already got some rules, so the best thing is to show us what you already have, and we can rewrite or add to them. I don't really see why you need help with this though, if you've already done it once...
 
Old 05-24-2011, 02:30 AM   #3
umashanker_p28
LQ Newbie
 
Registered: May 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
My Iptable rules

I am herewith sending my iptables rules as an attachment.
Attached Files
File Type: txt iptables.txt (732 Bytes, 21 views)
 
Old 05-24-2011, 05:36 AM   #4
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
Are you wanting to add iptables rules on the mail server, or on the firewall? If you're putting the mail server in the DMZ zone of the firewall, you will need to set up port forwarding on the firewall to direct the traffic to the mail server on the DMZ network. For this we will need to know what sort of device your firewall is: is it a modem, or another computer with Linux/Unix on it?
 
Old 05-24-2011, 05:42 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Notwithstanding the query above, if this is all you genuinely need to do then...
Code:
-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,10000 -j ACCEPT
# Loop device.
-A INPUT -i lo -j ACCEPT
can change to
Code:
-A INPUT -p tcp -m multiport --dport 80,443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 10.0.0.0/8 -m multiport --dport 25,465,110,995,143,993,587,465,22,10000 -m state --state NEW -j ACCEPT
# Loop device.
-A INPUT -i lo -j ACCEPT
assuming that your private network is within 10.0.0.0/8
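
An added example, not part of any post in this thread: a small shell check that reads iptables-save style rules and lists the TCP ports the INPUT chain accepts from any source, run here against the two rule sets quoted in post #5. The function names `world_open_ports` and `check_exposure` are hypothetical, and the script reads rule text only, without evaluating rule order or chain policy.

```shell
#!/bin/sh
# Added example (not from the thread). Reads iptables-save style rules on stdin.
# Assumption: only "-A INPUT ... -p tcp ... -j ACCEPT" rules with a port list are
# read; rule order, DROP/REJECT rules and chain policy are not evaluated.

# Print the TCP ports accepted from any source as a sorted comma-separated list.
world_open_ports() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        src = ""; ports = ""; tcp = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            # A negated source (! -s net) still admits the rest of the world.
            if (($i == "-s" || $i == "--source") && $(i - 1) != "!") src = $(i + 1)
            if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
            if ($i ~ /^--(dports?|destination-ports?)$/) ports = $(i + 1)
            if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (accept && tcp && ports != "" && (src == "" || src == "0.0.0.0/0")) {
            n = split(ports, p, ",")
            for (k = 1; k <= n; k++) print p[k]
        }
    }' | sort -n -u | paste -sd, -
}

# Return 0 only if every world-reachable port is in the allowed list (default
# 80,443, the policy asked for in post #1); offenders are named on stderr.
check_exposure() {
    allowed=${1:-80,443}
    rc=0
    for port in $(world_open_ports | tr ',' ' '); do
        case ",$allowed," in
            *",$port,"*) ;;
            *) echo "reachable from any source: tcp/$port" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Rule lines copied from post #5: the original rule and the suggested split.
BEFORE='-A INPUT -p tcp -m multiport --dport 80,443,25,465,110,995,143,993,587,465,22,10000 -j ACCEPT
-A INPUT -i lo -j ACCEPT'
AFTER='-A INPUT -p tcp -m multiport --dport 80,443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -s 10.0.0.0/8 -m multiport --dport 25,465,110,995,143,993,587,465,22,10000 -m state --state NEW -j ACCEPT
-A INPUT -i lo -j ACCEPT'

printf '%s\n' "$BEFORE" | check_exposure || echo "before: non-web ports exposed"
printf '%s\n' "$AFTER" | check_exposure && echo "after: only 80,443 exposed"
```

To audit a live host, pipe the output of `iptables-save` into `check_exposure` instead of the embedded samples.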
 
All times are GMT -5. The time now is 02:41 AM.