LinuxQuestions.org


vedang 01-31-2008 12:05 AM

want to get SMTP and POP3 working through iptables.
 
I have a newly configured RHEL4 machine to work as a firewall and Proxy. Squid proxy is working just fine with all applications.

I have an ADSL router with a static WAN IP, and the LAN IP of the router is 172.16.0.1.
The LAN IP is connected to the external interface of the Gateway/Firewall machine (on which I have configured squid and iptables), whose IP is 172.16.0.3.
The internal interface of the gateway machine is 192.168.0.114.
I have a sendmail server with IP 192.168.0.113 which sends mail to the external SMTP server 65.99.240.35 and uses fetchmail with the POP3 protocol to fetch mail from that same external server.
I have Winproxy currently working with no problems and I want to shift to iptables.

I tried the following commands, which did not work. I am a beginner with iptables.

/sbin/iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

#Port Forward SMTP to the mailserver

/sbin/iptables -t nat -A PREROUTING -p tcp -d 172.16.0.1 --dport 25 -j DNAT --to-destination 192.168.0.113:25
/sbin/iptables -A FORWARD -p tcp -d 192.168.0.113 --dport 25 -j ACCEPT

#SNAT for port 25 and 110

/sbin/iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.113 --dport 25 -o eth1 -j SNAT --to-source 172.16.0.1
/sbin/iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/21 --dport 110 -o eth1 -j SNAT --to-source 172.16.0.1


Please help me to get this problem solved.

Simon Bridge 01-31-2008 03:32 AM

From what you have shown us, I'd want to have a look at the order your rules are applied.
The environment that your rules live in can be important. eg.
Is the gateway managed by port forwarding or as a bridge?
Do you use default drop policies?
Do you accept incoming established or related packets?
Do you filter outgoing packets?

Some examples...
http://www.linuxquestions.org/questi...opsmtp-117588/
http://www200.pair.com/mecham/spam/d...-firewall.html
http://oceanpark.com/notes/firewall_example.html

Your rules suggest that you expect new incoming smtp connections "unannounced"... doesn't the mail-server have to request these from the external mail-server?
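
The questions in the reply above (default drop policy, accepting established/related packets, and which side opens the mail connections) can be made concrete for the network in the first post. This is an added example, not posted by anyone in the thread: it assumes the mail server only opens outbound connections to 65.99.240.35 (so no DNAT rule is needed), that the internal interface is named eth0, and that SNAT uses the gateway's own external address 172.16.0.3.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the ones in the first post.
MAIL_SRV=192.168.0.113   # internal sendmail/fetchmail host
SMARTHOST=65.99.240.35   # external SMTP and POP3 server
GW_EXT_IP=172.16.0.3     # gateway's own address on the external side
EXT_IF=eth1              # external interface, as used in the posted rules
INT_IF=eth0              # ASSUMPTION: internal interface name is not given

# Print an iptables-restore ruleset for outbound-only mail through the gateway.
mail_gateway_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for port in 25 110; do
        # SNAT to an address the gateway itself owns, so replies return to it.
        echo "-A POSTROUTING -o $EXT_IF -s $MAIL_SRV -d $SMARTHOST -p tcp --dport $port -j SNAT --to-source $GW_EXT_IP"
    done
    echo 'COMMIT'
    echo '*filter'
    # INPUT/OUTPUT stay ACCEPT here so Squid on the gateway is untouched;
    # only forwarded traffic is default-drop in this example.
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Replies to connections that were already allowed out.
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in 25 110; do
        # New connections only from the mail server to the one external host.
        echo "-A FORWARD -i $INT_IF -o $EXT_IF -s $MAIL_SRV -d $SMARTHOST -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# "sh script.sh print" writes the ruleset to stdout for review.
case "${1:-}" in
    print) mail_gateway_rules ;;
esac
```

Piping the output into iptables-restore replaces the existing nat and filter tables, and forwarding also needs net.ipv4.ip_forward set to 1.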

vedang 01-31-2008 04:54 AM

SMTP and POP3 through iptables
 
I am totally unaware of the questions you are asking.

I have started learning iptables. I am a total fresher in iptables.
The rules I have implemented are from a book, which I tried to mould as per my network.

Can you provide me iptables rules for this network?


Also, it will be a great help if you can tell me how to start learning iptables from scratch.

dyasny 01-31-2008 05:12 AM

iptablesrocks.org

have a look

JZL240I-U 02-01-2008 12:46 AM

This is the guide:

http://iptables.rlworkman.net/iptables-tutorial.html

And it is really, really good.

archtoad6 02-01-2008 07:56 AM

I would have said "This is the guide: ..." :)
No argument from me, Oskar Andreasson has been the :) iptables tutorial guru for years.

Thanks Simon & dyasny for the other links, they look interesting, too.

vedang,
I hope you learn quickly & can afford down time due to mistakes -- it sounds like you're taking on a major educational experience. Good Luck.

JZL240I-U 02-01-2008 08:16 AM

Right you are. Comes from hurrying out answers. Everybody please take note: This is the guide... as archtoad6 rightly pointed out.

:p ;)


All times are GMT -5.