Dear friends,

I have a webserver hosting a webmail. I wrote a fireall script as follows: (only included the core)

$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
$IPT -A INPUT -j DROP

#OUTPUT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -j DROP


In the firewall host, I am hosting a webmail and my company website.

The script works for accessing my company's website, but when I tried to login to the webmail. It says cannot connect to the imap mail server.
I could reach the login screen but cannot proceed further than that.

by adding the sentence:
$IPT -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Then it will work allowing me to access the webmail. But I am curious what is actually the cause such as which port did I left out that forbids the login into the webmail.

please direct me, if you know what I have left out.

thanks for taking time helping!

Regards
Fong

As long as you don't have the IMAP-server on the same machine as the web-server you need to open for connections to it.
You only allow connections out that are related or established, when the webmail tries to log into the imap-server this is a new connection.

iptables -I OUTPUT -p tcp --dport 143 -d <the ip of the imap-server> -j ACCEPT

Should do the trick

Cheers

Oh , thats great. port 143. thanks a lot friend.