vedang 01-31-2008 12:05 AM

want to get SMTP and POP3 working through iptables.
I have a newly configured RHEL4 machine to work as a firewall and Proxy. Squid proxy is working just fine with all applications.

I have an ADSL router with Static WAN ip and LAN ip of the router is
LAN ip is connected to external interface of Gateway/Firewall machine ( on which i have configured squid and iptables ) whose IP is
Internal interface of the gateway machine is
I have a sendmail server with ip which sends mail to an external SMTP server and uses fetchmail with the POP3 protocol to fetch mail from that same external server.
I have Winproxy currently working with no problems and I want to shift to iptables.

I tried the following commands, which did not work. I am a beginner with iptables.

/sbin/iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

#Port Forward SMTP to the mailserver

/sbin/iptables -t nat -A PREROUTING -p tcp -d --dport 25 -j DNAT --to-destination
/sbin/iptables -A FORWARD -p tcp -d --dport 25 -j ACCEPT

#SNAT for port 25 and 110

/sbin/iptables -t nat -A POSTROUTING -p tcp -s --dport 25 -o eth1 -j SNAT --to-source
/sbin/iptables -t nat -A POSTROUTING -p tcp -s --dport 110 -o eth1 -j SNAT --to-source

Please help me to get this problem solved.

Simon Bridge 01-31-2008 03:32 AM

From what you have shown us, I'd want to have a look at the order your rules are applied.
The environment that your rules live in can be important. eg.
Is the gateway managed by port forwarding or as a bridge?
Do you use default drop policies?
Do you accept incoming established or related packets?
Do you filter outgoing packets?

Some examples...

Your rules suggest that you expect new incoming smtp connections "unannounced"... doesn't the mail-server have to request these from the external mail-server?
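
An added example, not part of the original thread: a minimal ruleset for the case the first post describes, where the internal mail server only opens connections outward (SMTP to send, POP3 via fetchmail to collect), so no inbound DNAT or INPUT rule for port 25 is needed. The addresses and `eth0` are constructed placeholders; `eth1` as the external interface is taken from the posted SNAT rules.

```shell
#!/bin/sh
# Constructed placeholder values; replace with the real ones for the network.
MAIL_SRV="${MAIL_SRV:-192.168.1.10}"    # internal sendmail/fetchmail host (placeholder)
GW_EXT_IP="${GW_EXT_IP:-192.168.0.2}"   # gateway address on the router side (placeholder)
EXT_IF="${EXT_IF:-eth1}"                # interface facing the ADSL router
INT_IF="${INT_IF:-eth0}"                # interface facing the LAN (assumed name)

# Print the commands instead of running them, so they can be reviewed first.
# Assumes nothing else needs to be routed through the gateway: Squid traffic
# terminates on the gateway itself and never touches the FORWARD chain.
mail_gateway_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $MAIL_SRV -p tcp -m multiport --dports 25,110 -m state --state NEW -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o $EXT_IF -s $MAIL_SRV -p tcp -m multiport --dports 25,110 -j SNAT --to-source $GW_EXT_IP
EOF
}

# Line 1 turns on routing between the two interfaces.
# Line 2 makes the default for routed traffic "drop".
# Line 3 lets replies to connections that were already allowed come back in.
# Line 4 lets only the mail server start new SMTP/POP3 connections outward.
# Line 5 rewrites the source address so the router sees the gateway, not the LAN host.
mail_gateway_rules
```

Review the printed commands, then pipe the output to `sh` as root to apply them.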

vedang 01-31-2008 04:54 AM

I am totally unaware of the questions you are asking.

I have started learning iptables. I am a total fresher in iptables.
The rules I have implemented are from a book, which I tried to mould as per my network.

Can you provide me iptables rules for this network?

Also it will be a great help if you can tell me how to start learning iptables from scratch.

dyasny 01-31-2008 05:12 AM

have a look

JZL240I-U 02-01-2008 12:46 AM

This is the guide:

And it is really, really good.

archtoad6 02-01-2008 07:56 AM

I would have said "This is the guide: ..." :)
No argument from me; Oskar Andreasson has been the :) iptables tutorial guru for years.

Thanks Simon & dyasny for the other links, they look interesting, too.

I hope you learn quickly & can afford down time due to mistakes -- it sounds like you're taking on a major educational experience. Good Luck.

JZL240I-U 02-01-2008 08:16 AM

Right you are. Comes from hurrying out answers. Everybody please take note: This is the guide... as archtoad6 rightly pointed out.

:p ;)

