Old 12-09-2005, 04:37 PM   #1
dragonleech
LQ Newbie
 
Registered: Dec 2005
Posts: 24

Rep: Reputation: 15
SMTP/POP3 iptables problem


I had a problem earlier where I was not able to get my SMTP and POP3 out through a proxy/firewall (squid/iptables). I was able to resolve that issue by making a masquerading rule within iptables. In doing that I had no rules in iptables.

I am now trying to secure the box down and closing down all but the ports that I want open. When I open up port 25 and 110 as either the source or destination port I am not able to send or receive email.
Here is a piece of my iptables config file:

-A FORWARD -p tcp -m tcp -s 192.168.10.0/24 --sport 3128 -j ACCEPT
-A FORWARD -p udp -m tcp --sport 110 -j ACCEPT
-A FORWARD -p tcp -m tcp -j DROP
 
Old 12-09-2005, 07:53 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
You'll need more than that for the FORWARD chain. For example, you'll need to allow incoming POP3 packets (dport 110). If you are connecting to a remote POP3 server, then you can limit the incoming traffic to the ESTABLISHED,RELATED state rather than allowing all incoming traffic. In the 2nd rule you posted, you should also really limit that to traffic coming *into* the internal interface, otherwise you open up your entire network to the internet. Also I don't see anything for the SMTP traffic at all...

It would really help if you posted the entire firewall (with public IPs scrubbed).
 
Old 12-10-2005, 09:47 PM   #3
dragonleech
LQ Newbie
 
Registered: Dec 2005
Posts: 24

Original Poster
Rep: Reputation: 15
OK, thanks. I will take a look at this Monday when I get back to work.

If I still need more help I will post my entire iptables.

Thanks,

Dragonleech
 
Old 12-12-2005, 09:05 AM   #4
dragonleech
LQ Newbie
 
Registered: Dec 2005
Posts: 24

Original Poster
Rep: Reputation: 15
Below is my iptables that is not allowing me to get my SMTP/POP3 out.

Thanks,

Dragonleech

# Completed on Fri Dec 9 14:44:00 2005
# Generated by iptables-save v1.3.0 on Fri Dec 9 14:44:00 2005
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Dec 9 14:44:00 2005
# Generated by iptables-save v1.3.0 on Fri Dec 9 14:44:00 2005
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp -m tcp -s 192.168.10.0/24 --sport 3128 -j ACCEPT
-A FORWARD -p tcp -m tcp --sport 110 -j ACCEPT
-A FORWARD -p tcp -m tcp -i eth1 --sport 25 -j ACCEPT
-A FORWARD -p tcp -m tcp -j DROP
-A OUTPUT -p tcp -m tcp -s 192.168.10.0/24 --dport 110 -j ACCEPT
COMMIT
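
The FORWARD rules from post #4, walked first-match against the packets of one mail session, next to a rule set of the shape post #2 suggests. This is an added example, not part of the thread and not any poster's code; it is a simplified TCP-only model of rule matching, and the interface roles (eth0 internal, eth1 external), the REVISED rules and the sample packets are assumptions constructed for it.

```python
# Added example: first-match walk of a FORWARD chain (simplified model, TCP only).
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")   # subnet from the posted rules

# FORWARD rules from post #4, in order. A missing key means "match anything".
POSTED = [
    {"src": LAN, "sport": 3128, "target": "ACCEPT"},
    {"sport": 110, "target": "ACCEPT"},
    {"iif": "eth1", "sport": 25, "target": "ACCEPT"},
    {"target": "DROP"},
]

# Shape suggested in post #2: return traffic by connection state, new
# connections by destination port, and only from the internal side.
# Assumption: eth0 is the internal interface (the thread does not say).
REVISED = [
    {"state": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"iif": "eth0", "src": LAN, "dport": 25, "state": {"NEW"}, "target": "ACCEPT"},
    {"iif": "eth0", "src": LAN, "dport": 110, "state": {"NEW"}, "target": "ACCEPT"},
    {"target": "DROP"},
]

def matches(rule, pkt):
    for key, want in rule.items():
        if key == "src" and ip_address(pkt["src"]) not in want:
            return False
        if key == "state" and pkt["state"] not in want:
            return False
        if key in ("iif", "sport", "dport") and pkt[key] != want:
            return False
    return True

def verdict(chain, pkt, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return policy

# Constructed packets: a LAN client opening POP3 and SMTP sessions, the
# server's reply, and an unsolicited outside packet with source port 110.
# 203.0.113.5 and 198.51.100.9 are documentation addresses.
SYN_POP3 = {"iif": "eth0", "src": "192.168.10.20", "sport": 40000, "dport": 110, "state": "NEW"}
SYN_SMTP = dict(SYN_POP3, dport=25)
REPLY = {"iif": "eth1", "src": "203.0.113.5", "sport": 110, "dport": 40000, "state": "ESTABLISHED"}
UNSOLICITED = {"iif": "eth1", "src": "198.51.100.9", "sport": 110, "dport": 22, "state": "NEW"}
```

The posted chain drops both opening packets because a client's first packet carries the mail port as its destination, not its source, while the `--sport 110` rule accepts any outside packet that arrives with source port 110.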
 
Old 12-12-2005, 11:33 AM   #5
dragonleech
LQ Newbie
 
Registered: Dec 2005
Posts: 24

Original Poster
Rep: Reputation: 15
OK, I got this resolved too. I found this page on the internet and modified the parts that I needed to get it to work.

http://oceanpark.com/notes/firewall_...l_example.html

Dragonleech
 
  

