Re: IPTABLES - SMTP
06-13-2007 12:01 AM
I have set up my iptables firewall successfully and everything works, but today I found that it stops SMTP from sending e-mails.
I don't understand why, as port 25 is ACCEPTED.
If I disable the firewall then I'm able to send e-mail. If the firewall is on, then e-mails are not going outside.
I tried restarting master, as I'm using postfix, but it doesn't help.
The only way to have e-mail going out is to disable the firewall by putting iptables -I INPUT -j ACCEPT.
Can anyone help?
============================================
Chain INPUT (policy DROP 443 packets, 52393 bytes)
num pkts bytes target prot opt in out source destination
1 5009 1448K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 1685 365K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state RELATED,ESTABLISHED
4 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
5 2083 161K ACCEPT tcp -- eth0 * 81.150.xxx.xxx 217.174.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
6 4 192 ACCEPT tcp -- eth0 * 81.150.xxx.xxx 217.174.xxx.xxx tcp dpt:22 state NEW
7 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state RELATED,ESTABLISHED
8 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
9 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state RELATED,ESTABLISHED
10 1 71 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
11 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state RELATED,ESTABLISHED
12 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
13 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state RELATED,ESTABLISHED
14 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
15 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state RELATED,ESTABLISHED
16 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state NEW
17 17 1292 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
18 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
19 188K 12M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state RELATED,ESTABLISHED
20 356 21360 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW
21 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state RELATED,ESTABLISHED
22 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state NEW
23 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state RELATED,ESTABLISHED
24 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state NEW
25 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state RELATED,ESTABLISHED
26 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state NEW
27 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state RELATED,ESTABLISHED
28 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state NEW
29 0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
30 4527 272K ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW
31 0 0 ACCEPT tcp -- eth0 * 217.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
32 0 0 ACCEPT tcp -- eth0 * 217.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state NEW
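Added example, not part of the original thread: it replays an excerpt of the INPUT listing above against constructed packets to show that every eth0 rule is tied to a destination port, so the replies to an outbound SMTP or DNS exchange (remote source port 25 or 53, ephemeral local destination port) fall through to the DROP policy. The packet values, the helper names and rule 0 are assumptions made for the illustration; source and destination addresses are ignored because every excerpted rule uses 0.0.0.0/0.

```python
import re

# Excerpt of the INPUT listing posted above (chain policy DROP); rule numbers kept.
LISTING = """\
1 5009 1448K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 1685 365K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
9 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state RELATED,ESTABLISHED
10 1 71 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
13 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state RELATED,ESTABLISHED
14 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
"""
# Constructed rule 0: how `iptables -I INPUT -i eth0 -m state
# --state ESTABLISHED,RELATED -j ACCEPT` would be listed (no port match).
FIX = "0 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED\n"

# Constructed packets arriving on eth0; the ephemeral ports are made up.
INBOUND_SYN = {"in": "eth0", "proto": "tcp", "dport": 25, "state": "NEW"}
SMTP_REPLY = {"in": "eth0", "proto": "tcp", "dport": 40000, "state": "ESTABLISHED"}  # sport 25
DNS_ANSWER = {"in": "eth0", "proto": "udp", "dport": 40001, "state": "ESTABLISHED"}  # sport 53

def parse_rules(listing):
    """Parse rows of `iptables -L -n -v --line-numbers` into match dictionaries."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 10:
            continue  # not a rule row
        extra = " ".join(f[10:])
        dpt = re.search(r"dpt:(\d+)", extra)
        state = re.search(r"state (\S+)", extra)
        rules.append({"num": int(f[0]), "target": f[3], "proto": f[4], "in": f[6],
                      "dpt": int(dpt.group(1)) if dpt else None,
                      "states": set(state.group(1).split(",")) if state else None})
    return rules

def verdict(rules, pkt, policy="DROP"):
    """Return (target, rule number) of the first match, else (policy, None)."""
    for r in rules:
        if r["in"] not in ("*", pkt["in"]) or r["proto"] not in ("all", pkt["proto"]):
            continue
        if r["dpt"] is not None and r["dpt"] != pkt["dport"]:
            continue
        if r["states"] is not None and pkt["state"] not in r["states"]:
            continue
        return r["target"], r["num"]
    return policy, None

if __name__ == "__main__":
    for name, pkt in [("inbound SYN", INBOUND_SYN), ("SMTP reply", SMTP_REPLY), ("DNS answer", DNS_ANSWER)]:
        print(name, verdict(parse_rules(LISTING), pkt), verdict(parse_rules(FIX + LISTING), pkt))
```

With the posted rules the server accepts new inbound connections to port 25 but drops the return half of its own outbound connections; a state-only ESTABLISHED,RELATED rule without a port match accepts them.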
06-13-2007 12:10 AM
Solution
There is not enough information to answer your question.
Port 25 is obviously being blocked outbound on this configuration, but your data does not indicate that.
I would guess the default OUTPUT policy is drop. Check /etc/sysconfig/iptables to see if that's true.
To fix it:
1) http://www.fs-security.com It has a GUI and handles most problems easily except inbound block lists. It uses iptables commands and you can learn from it.
2) Add a rule with iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT
You'll have to play with that a bit to make the syntax work.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
06-13-2007 01:11 AM
Chain OUTPUT (policy ACCEPT 181 packets, 13459 bytes)
pkts bytes target prot opt in out source destination
1033K 538M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
96M 131G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
06-13-2007 01:31 AM
Try this:
telnet some.mail.host 25
If you can connect via the command line, it is not a firewall problem.
Check what is going on with your mails in /var/log/maillog.
06-13-2007 03:37 AM
/sbin/iptables -I INPUT -j ACCEPT
Then everything works fine :)
telnet 217.174.xxx.xxx 25
Trying 217.174.xxx.xxx...
Connected to server217-174-xxx-xxx.live-servers.net (217.174.xxx.xxx).
Escape character is '^]'.
220 as1.markexxx.com ESMTP Postfix
And I can send e-mails.
Without that I can't e-mail nor telnet my server on 25.
Regards
06-13-2007 03:54 AM
Why do you use 2 rules:
13 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state RELATED,ESTABLISHED
14 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
Did you try to have 1 instead:
iptables -I INPUT -p tcp --dport 25 -j ACCEPT
06-13-2007 04:54 AM
Not working as well.
Regards