Old 07-28-2005, 04:58 PM   #1
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 267

Rep: Reputation: 36
Question newbie - firewall rule

I'm using the 2.4.19 kernel on Debian 3.1.
The box is an internet gateway utilizing ipmasq.

After installing the firewalling scripts within the ipmasq rules,
I could no longer send emails from LAN client machines.

After shouting at my ISP a couple of times, I remembered about
the firewall rules in (iptables -t nat -L -v) and found the rule
below. I removed it, and now everything's fine.

Can someone help me understand what this rule is supposed to do?
Clearly it is intended to intercept traffic outbound to an SMTP server, but
I'm just not getting the whys, and the results.

I don't understand the target "redir ports 25".

(I would use another solution than ipmasq, but this is an old
Pentium 1 box without a GUI. I actually learn a lot more by installing
and running stuff from the shell anyway.)

Chain PREROUTING (policy ACCEPT 2 packets, 112 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- any any anywhere tcp dpt:smtp redir ports 25

Thanks in advance for the assist.
Old 07-28-2005, 07:58 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
The REDIRECT target is used for intercepting/redirecting traffic and routing it to the firewall host. So that rule was intercepting all mail (smtp) traffic coming from the network and rewriting the destination IP on the packets to that of the firewall host. The actual iptables rule itself probably looked like this:

iptables -t nat -A PREROUTING -s -p tcp --dport 25 -j REDIRECT --to-port 25

which in English roughly equates to:
route traffic from with a TCP destination port of 25 and send it to localhost on port 25. Check out the following HOWTO section on the REDIRECT target and how it works:

Last edited by Capt_Caveman; 07-28-2005 at 08:02 PM.
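To make the explanation above concrete, here is an added helper (my own, not from this thread or from ipmasq) that parses the output of `iptables -t nat -L -v`, as pasted in the first post, and spells out in plain words where each REDIRECT rule sends traffic. The listing embedded in it is constructed to match the thread's format; run it against your own listing to spot a rule like this before it silently breaks LAN mail.

```python
import re
from dataclasses import dataclass

# Constructed sample modelled on the thread's `iptables -t nat -L -v` output.
SAMPLE_LISTING = """\
Chain PREROUTING (policy ACCEPT 2 packets, 112 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere             tcp dpt:smtp redir ports 25

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 MASQUERADE all  --  any    eth0    192.168.1.0/24       anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

@dataclass
class NatRule:
    chain: str
    target: str
    proto: str
    in_if: str
    out_if: str
    source: str
    destination: str
    extra: str  # match/target options, e.g. "tcp dpt:smtp redir ports 25"

def parse_nat_listing(text):
    """Parse `iptables -t nat -L -v` output into NatRule records."""
    rules, chain = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("pkts "):
            continue                       # blank line or column header
        if line.startswith("Chain "):
            chain = line.split()[1]        # "Chain PREROUTING (policy ...)"
            continue
        # pkts bytes target prot opt in out source destination [extra...]
        f = line.split(None, 9)
        if chain is None or len(f) < 9:
            continue
        extra = f[9] if len(f) > 9 else ""
        rules.append(NatRule(chain, f[2], f[3], f[5], f[6], f[7], f[8], extra))
    return rules

def explain_redirects(rules):
    """One plain-English sentence per REDIRECT rule (the thread's "why")."""
    out = []
    for r in rules:
        if r.target != "REDIRECT":
            continue
        dport = re.search(r"dpt:(\S+)", r.extra)
        to = re.search(r"redir ports (\S+)", r.extra)
        out.append(f"{r.chain}: {r.proto} from {r.source} to {r.destination} port "
                   f"{dport.group(1) if dport else 'any'} is rewritten to local port "
                   f"{to.group(1) if to else '(same)'} on the firewall host")
    return out
```

Any rule it reports in PREROUTING means the LAN clients never reach the destination they asked for; without a listening MTA on that port, as the later reply notes, their mail simply fails.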
Old 07-28-2005, 08:20 PM   #3
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 267

Original Poster
Rep: Reputation: 36
Thanks, Captain.

That makes sense canonically for sure...

But why would that rule be there? I suppose the localhost in that case should
be running a mail server for it to work. But what would be the reason for
a rule forcing that path? After all, every OTHER type of traffic on the LAN is NATing
straight through to wherever it wants to go. Is it common to re-route SMTP traffic this way?

Just curious, and really, I appreciate your input. I have read a few tutorials
on iptables and I've tried to decipher some firewall scripts; I'm so new (4 months)
it just takes a while to digest it all.

Thanks again!
Old 07-30-2005, 07:25 AM   #4
Senior Member
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Hmm... if SMTP traffic is routed to localhost, you must have a working MTA on Linux. But it is a better idea to redirect the POP3 port also. You need to set up a local MTA and get users' mail from your ISP with fetchmail or a similar program, so the local MTA can check incoming and outgoing mail for viruses and spam.

