LinuxQuestions.org


danimalz 07-28-2005 04:58 PM

newbie - firewall rule
 
I'm using a 2.4.19 kernel on 3.1.
The box is an internet gateway utilizing ipmasq.

After installing the firewalling scripts within the ipmasq rules,
I could no longer send emails from LAN client machines.

After shouting at my ISP a couple of times, I remembered about
the firewall rules in (iptables -t nat -L -v) and found the rule
below. I removed it, and now everything's fine.

Can someone help me understand what this rule is supposed to do?
Clearly it is intended to intercept traffic outbound to the SMTP server, but
I'm just not getting the whys, and the results.

I don't understand the target "redir ports 25"

(I would use another solution than ipmasq, but this is an old
Pentium 1 box without a GUI. I actually learn a lot more by installing
and running stuff from the shell anyway.)


Chain PREROUTING (policy ACCEPT 2 packets, 112 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- any any 192.168.0.0/24 anywhere tcp dpt:smtp redir ports 25

Thanks in advance for the assist.
Danimal

Capt_Caveman 07-28-2005 07:58 PM

The REDIRECT target is used for intercepting/redirecting traffic and routing it to the firewall host. So that rule was intercepting all mail (SMTP) traffic coming from the 192.168.0.0/24 network and rewriting the destination IP on the packets to that of the firewall host. The actual iptables rule itself probably looked like this:

iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 25 -j REDIRECT --to-port 25

which in English roughly equates to:
route traffic from 192.168.0.0/24 with a TCP destination port of 25 and send it to localhost on port 25. Check out the following HOWTO section on the REDIRECT target and how it works:
http://iptables-tutorial.frozentux.n...REDIRECTTARGET
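
An added example, not from this thread or from the ipmasq scripts: a small POSIX shell audit that reads rules in `iptables -t nat -S PREROUTING` output format, finds REDIRECT rules intercepting SMTP, and reports whether the firewall host actually has a listener on the `--to-ports` port (no listener means exactly the symptom in the first post: LAN clients' port-25 connections are refused). It also builds the matching `-D` command for removing just that rule. The rule lines and the listening-port list are constructed sample input; on a real gateway you would feed it the actual `iptables -S` output and the ports shown by `netstat -ltn`.

```shell
#!/bin/sh
# Constructed sample: the thread's SMTP REDIRECT rule as `iptables -t nat -S`
# would print it, plus a similar POP3 rule that the audit must ignore.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 25
-A PREROUTING -s 192.168.0.0/24 -p tcp -m tcp --dport 110 -j REDIRECT --to-ports 110'

# Read rule lines on stdin; $1 is a space-separated list of TCP ports the
# firewall host listens on. Prints "OK <port>" for each SMTP REDIRECT rule
# whose target port has a local service, "BROKEN <port>" otherwise.
audit_smtp_redirects() {
    listening="$1"
    grep -e '-j REDIRECT' | grep -e '--dport 25 ' | while read -r rule; do
        to_port=$(printf '%s\n' "$rule" | sed -n 's/.*--to-ports \([0-9]*\).*/\1/p')
        # REDIRECT without --to-ports keeps the original destination port.
        [ -n "$to_port" ] || to_port=25
        case " $listening " in
            *" $to_port "*) printf 'OK %s\n' "$to_port" ;;
            *)              printf 'BROKEN %s\n' "$to_port" ;;
        esac
    done
}

# Turn one `-A` rule line into the exact delete command for that rule,
# which removes only the offending REDIRECT instead of flushing the chain.
delete_command() {
    printf '%s\n' "$1" | sed 's/^-A /iptables -t nat -D /'
}

# Stand-alone run: a gateway with only SSH and HTTP listening has a broken rule.
printf '%s\n' "$SAMPLE_RULES" | audit_smtp_redirects "22 80"
```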

danimalz 07-28-2005 08:20 PM

Thanks Captain..

That makes sense canonically for sure...

But why would that rule be there? I suppose the localhost in that case should
be running a mail server for it to work. But what would be the reason for
a rule forcing that path? After all, every OTHER type of traffic on the LAN is NATing
straight through to wherever it wants to go. Is it common to re-route SMTP traffic this way?

Just curious, and really, I appreciate your input. I have read a few tutorials
on iptables and I've tried to decipher some firewall scripts; I'm so new (4 months)
it just takes a while to digest it all.

Thanks again!
Danimal

maxut 07-30-2005 07:25 AM

Hmm.. if SMTP traffic is routed to localhost you must have a working MTA on Linux. But it is a better idea to redirect the POP3 port also. You need to set up a local MTA and get users' mail from your ISP by fetchmail or a similar program, so the local MTA can check incoming and outgoing mail for viruses and spam.
