Blocking Port 25 On Proxy Server!!!

varun2109 · 08-19-2009, 05:26 AM

Hi everyone,

This is varun here,
i am using a proxy server 172.20.x.x,
how do i block port 25 on this server so that anyone from ip range 172.20.x.x cannot access via telnet,etc.using this port.

Please help.

Thanks!

EricTRA · 08-19-2009, 05:29 AM

Hello,

What proxy are you using? Do you have iptables installed/configured?

Kind regards,

Eric

acid_kewpie · 08-19-2009, 05:30 AM

If it is a proxy then it would be giving access in the first place without running an smtp proxy on that port, which is unlikely if you don't already know. so you'd need to be routing, not proxying, the traffic on it, and that would be where firewalls, including iptables / netfilter would be used to block traffic.

varun2109 · 08-19-2009, 05:38 AM

Yes i have iptables installed and configured however i am not able to block the port may be i am not putting the command right!

eg. iptables -A INPUT -s 172.20.x.x/20 -d proxyserver -p TCP --dport 25

i also tried;
iptables -A FORWARD -s 172.20.x.x/20 -d proxyserver -p TCP --dport 25

Please HELP!!!

EricTRA · 08-19-2009, 05:59 AM

iptables -A INPUT -s 172.20.0.0 -p tcp -dport 25 -j DROP

That should block all traffic on port 25 from 172.20.0.0 network. But do you want to block all access to that port?

Kind regards,

Eric

varun2109 · 08-19-2009, 06:05 AM

yes i want to block all except my internal lan??

EricTRA · 08-19-2009, 06:11 AM

Ah ok, all except your internal LAN, sorry for the misunderstanding

Code:

iptables -A INPUT -s !172.20.0.0 -p tcp -dport 25 -j DROP

That should drop all access to port 25 from any source that is not 172.20.0.0.

Kind regards,

Eric

varun2109 · 08-19-2009, 06:21 AM

Quote:

Originally Posted by EricTRA

Ah ok, all except your internal LAN, sorry for the misunderstanding

Code:

iptables -A INPUT -s !172.20.0.0 -p tcp -dport 25 -j DROP

That should drop all access to port 25 from any source that is not 172.20.0.0.

Kind regards,

Eric

i did it but when i tried this,
telnet 172.20.x.x 25
it connected,it is giving access via telnet on port 25 i want to stop that too?

EricTRA · 08-19-2009, 06:33 AM

Are you on the same LAN or one of the subnets? I assume you are if you can connect.

Kind regards,

Eric

varun2109 · 08-19-2009, 06:42 AM

Yes i am on the same lan but i want to stop access via telnet on port 25.

EricTRA · 08-19-2009, 06:52 AM

Sorry but now your confusing me a lot. In your original post you state

Quote:

how do i block port 25 on this server so that anyone from ip range 172.20.x.x cannot access via telnet,etc.using this port.

To which I gave you

Code:

iptables -A INPUT -s 172.20.0.0 -p tcp -dport 25 -j DROP

as a solution to block all traffic from your LAN on port 25.

Following you said

Quote:

yes i want to block all except my internal lan??
Today 12:59 PM

so the rule changed to

Code:

iptables -A INPUT -s !172.20.0.0 -p tcp -dport 25 -j DROP

that blocks all traffic except from your LAN.

And now you change your mind again to blocking all access from your LAN?

Could you PLEASE state what exactly you want to do:
1. block access to port 25 from anywhere
2. block access to port 25 from anywhere except your LAN
3. block access to port 25 ONLY from your LAN
4. something else??

Kind regards,

Eric

varun2109 · 08-19-2009, 07:29 AM

sorry for the misunderstanding..

i want to;
1. block access to port 25 from anywhere

Thanks,

EricTRA · 08-19-2009, 07:32 AM

No worries.

Try this

Code:

iptables -A INPUT -p tcp -dport 25 -j DROP

Kind regards,

Eric

varun2109 · 08-19-2009, 07:44 AM

its not working??

chrism01 · 08-19-2009, 08:53 PM

You have to restart iptables for it to take effect. If it works, you also have to save the iptables settings, otherwise a reboot will revert to the original settings.

Note also that if you want to 'block' access to port 25 from 'anywhere', then you don't need iptables, you just don't run a server (presumably mailserver eg sendmail) on port 25; no server listening on port 25 = no way to connect on port 25, regardless of iptables.

HTH