Hi, I am having some trouble with my iptables firewall. The server is a mail server running exim and dovecot. Exim is using ports 25, 587 and 465 and dovecot on 143 and 995.

Following is the description of the firewall and the issues.

* The default for the filter chain is to DROP all INPUT, OUTPUT and FORWARD chain packets.

    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    ............ [snipped......] .............

* I want to block all incoming and then selectively open the ports (working fine, no issues).

    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
    -A INPUT -i lo -s 127.0.0.1 -j ACCEPT
    -A INPUT -j LOG-AND-REJECT
    -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

* I want to block all outgoing and then selectively open ports (here is the issue). When the following rules are activated, exim is not able to send any emails and I see all emails queued up for delivery. When I drop these rules from the firewall and allow all OUTPUT packets, the mails go through fine.

    -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -m state --state NEW -p udp -m udp --dport 53 -j LOG-AND-ACCEPT
    # Following two ports are required for exim.
    -A OUTPUT -m state --state NEW -p udp -m udp --dport 25 -j LOG-AND-ACCEPT
    -A OUTPUT -m state --state NEW -p udp -m udp --dport 587 -j LOG-AND-ACCEPT
    -A OUTPUT -p icmp -j ICMP-RULES
    -A OUTPUT -d 127.0.0.1 -j ACCEPT
    -A OUTPUT -j LOG-AND-REJECT

I am just wondering if I have missed some port required for SMTP communication. I tried SMTP communication using telnet and it works fine even with the firewall enabled (i.e. port 25 outgoing is fine), so why is exim not able to deliver the email? I am pretty sure that this is not an exim issue but a firewall issue. Any clues as to what port I am missing in the OUTPUT chain?

Regards.
-- Ajitabh Pandey
http://ajitabhpandey.info/ | http://unixclinic.net/ | http://buddingthoughts.info

linux-india-help mailing list
linux-india-help@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-india-help
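As an added example (not part of the original post, and not Exim or iptables code), the OUTPUT chain from the post fed through a small first-match rule simulator: SMTP (25) and submission (587) are TCP services, so a NEW outbound TCP connection to either port falls past the two `-p udp` rules and lands on LOG-AND-REJECT, while the same chain with `-p tcp -m tcp` on those two rules accepts it. The destination address 203.0.113.25 is a constructed placeholder for a remote MX.

```python
import shlex

# OUTPUT chain as posted (constructed input; the chain policy in the post is DROP).
POSTED_OUTPUT = """
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state NEW -p udp -m udp --dport 53 -j LOG-AND-ACCEPT
-A OUTPUT -m state --state NEW -p udp -m udp --dport 25 -j LOG-AND-ACCEPT
-A OUTPUT -m state --state NEW -p udp -m udp --dport 587 -j LOG-AND-ACCEPT
-A OUTPUT -p icmp -j ICMP-RULES
-A OUTPUT -d 127.0.0.1 -j ACCEPT
-A OUTPUT -j LOG-AND-REJECT
"""
# Same chain with the two MTA rules matching TCP, the protocol SMTP actually uses.
FIXED_OUTPUT = POSTED_OUTPUT.replace("-p udp -m udp --dport 25 ", "-p tcp -m tcp --dport 25 ") \
                            .replace("-p udp -m udp --dport 587 ", "-p tcp -m tcp --dport 587 ")

MAIL_PORTS = {25: "SMTP to remote MX/relay", 587: "submission"}

def parse_chain(text, chain="OUTPUT"):
    """Pick out the match options we simulate from each '-A <chain>' line."""
    rules = []
    for line in text.strip().splitlines():
        argv = shlex.split(line)
        if argv[:2] != ["-A", chain]:
            continue
        opts = {}
        for i, tok in enumerate(argv):
            if tok in ("-p", "--dport", "-d", "--state", "-j"):
                opts[tok] = argv[i + 1]
        rules.append(opts)
    return rules

def verdict(rules, proto, dport, dst="203.0.113.25", state="NEW", policy="DROP"):
    """First-match walk of the chain for one packet; fall back to the chain policy."""
    for r in rules:
        if "-p" in r and r["-p"] != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "-d" in r and r["-d"] != dst:
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy

def mail_egress(text):
    """Verdict for a NEW outbound TCP connection to each port an MTA needs."""
    rules = parse_chain(text)
    return {port: verdict(rules, "tcp", port) for port in MAIL_PORTS}
```

Note that the `-d 127.0.0.1 -j ACCEPT` rule still lets a TCP connection to localhost through, so a telnet test against the local Exim does not exercise the rules that outbound delivery hits.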