I'm using 2.4.19 kernel on 3.1
box is an internet gateway utilizing ipmasq.
after installing the firewalling scripts within ipmasq rules
I could no longer send emails from lan client machines.
after shouting at my isp a couple of times, I remembered about
the firewall rules in (iptables -t nat -L -v) and found the rule
below. I removed it, and now everything's fine.
can someone help me understand what this rule is supposed to do?
clearly it is intended to intercept traffic outbound to smtp server, but
I'm just not getting the why's, and the results.
I don't understand the target "redir ports 25"
(I would use another solution than ipmasq, but this is an old
pentium1 box without gui - I actually learn a lot more by installing
and running stuff from the shell anyway)
Chain PREROUTING (policy ACCEPT 2 packets, 112 bytes)
 pkts bytes target   prot opt in  out source         destination
    0     0 REDIRECT tcp  --  any any 192.168.0.0/24 anywhere    tcp dpt:smtp redir ports 25
The REDIRECT target is used for intercepting/redirecting traffic and routing it to the firewall host. So that rule was intercepting all mail (smtp) traffic coming from the 192.168.0.0/24 network and rewriting the destination IP on the packets to that of the firewall host. The actual iptables rule itself probably looked like this:
which in English roughly equates to:
route traffic from 192.168.0.0/24 with a tcp destination port of 25 and send to localhost on port 25. Check out the following HOWTO section on the REDIRECT target and how it works: http://iptables-tutorial.frozentux.n...REDIRECTTARGET
Last edited by Capt_Caveman; 07-28-2005 at 08:02 PM.
But why would that rule be there? I suppose the localhost in that case should
be running a mail server for it to work. But what would be the reason for
a rule forcing that path???; after all, every OTHER type of traffic on the LAN is NATing
straight thru to wherever it wants to go. Is it common to re-route smtp traffic this way?
just curious, and really - I appreciate your input. I have read a few tutorials
on iptables and I've tried to decipher some firewall scripts; I'm so new (4 mos)
it just takes a while to digest it all.
Hmm.. if smtp traffic is routed to localhost you must have a working MTA on linux. But it is a better idea to redirect the pop3 port also. You need to set up a local MTA and get users' mail from your ISP by fetchmail or a similar program, so the local MTA can check incoming and outgoing mail for viruses and spam.
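An added example, not part of any post in this thread: shell functions that turn the PREROUTING listing from the first post back into the rule specification it implies, then report redirect target ports that have no local listener, which is the condition the replies raise when they say the gateway needs a working MTA. The function names and the listening-port list passed as arguments are assumptions; the sample listing is the thread's own line, re-spaced.

```shell
#!/bin/sh
# Sample input: the listing from the first post (`iptables -t nat -L -v`), re-spaced.
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 2 packets, 112 bytes)
 pkts bytes target   prot opt in  out source         destination
    0     0 REDIRECT tcp  --  any any 192.168.0.0/24 anywhere    tcp dpt:smtp redir ports 25'

# Read a `-L -v` listing on stdin and print, for every REDIRECT line, the rule
# specification that would create it (use with `iptables -t nat`; swap -A for
# -D to delete). Handles only the match fields that appear in this listing.
redirect_rules() {
    awk '
        $1 == "Chain"    { chain = $2; next }
        $3 != "REDIRECT" { next }
        {
            spec = "-A " chain; to = ""
            if ($6 != "any" && $6 != "*")              spec = spec " -i " $6
            if ($8 != "anywhere" && $8 != "0.0.0.0/0") spec = spec " -s " $8
            if ($9 != "anywhere" && $9 != "0.0.0.0/0") spec = spec " -d " $9
            spec = spec " -p " $4
            for (i = 10; i <= NF; i++) {
                if ($i ~ /^dpt:/)  spec = spec " --dport " substr($i, 5)
                if ($i == "ports") to = " --to-ports " $(i + 1)
            }
            print spec " -j REDIRECT" to
        }'
}

# Print each redirect target port in the listing on stdin that is missing from
# the listening TCP ports given as arguments (hypothetical input, e.g. read
# off `ss -ltn` on the gateway). LAN clients hitting such a rule reach no service.
unserved_redirects() {
    redirect_rules | sed -n 's/.*--to-ports \([0-9][0-9]*\)$/\1/p' | sort -un |
    while read -r port; do
        case " $* " in
            *" $port "*) ;;              # a local service accepts this port
            *) echo "$port" ;;           # redirected, but nothing is listening
        esac
    done
}

printf '%s\n' "$SAMPLE_LISTING" | redirect_rules
# Constructed listener list: only sshd on 22, no MTA on 25.
printf '%s\n' "$SAMPLE_LISTING" | unserved_redirects 22
```

On a live gateway the listing would come from `iptables -t nat -L PREROUTING -v` instead of the embedded sample.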