On Monday 10 June 2002 10:12 pm, Felix D. Cat wrote:
> I've had no luck getting POP3/SMTP going through my RedHat 7.1 2.4
> kernel iptables box. I have been able to set up incoming FTP connections
> through my firewall, but no luck on the email. Here's my script...
>
> #for POP3 and SMTP mail
> iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 25
> iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 110
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 110 -j ACCEPT
>
> iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
> iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -p tcp --sport 25 -j ACCEPT
> iptables -t nat -A POSTROUTING -p tcp --sport 110 -j ACCEPT

You have no FORWARDing rules to allow reply packets back in. You either need rules to allow packets from source port 25 & source port 110, or preferably, a single rule allowing ESTABLISHED,RELATED packets in.

eg

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Antony.
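
The point made in the reply above, as an added example that is not part of the original thread: a toy Python model of first-match FORWARD filtering that compares the posted rules, the source-port alternative and the state rule. It assumes a DROP policy on FORWARD, mail clients behind the firewall and constructed addresses; `Forward`, `session` and `unsolicited` are hypothetical names, and RELATED traffic is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def flow(self):
        # Direction-independent key, standing in for a conntrack entry.
        return frozenset({(self.src, self.sport), (self.dst, self.dport)})

class Forward:
    """Toy first-match FORWARD chain; policy DROP is an assumption."""
    def __init__(self, dports, sports=(), stateful=False):
        self.dports, self.sports = set(dports), set(sports)
        self.stateful = stateful
        self.tracked = set()  # flows opened by an accepted packet

    def verdict(self, p):
        # -m state --state ESTABLISHED,RELATED -j ACCEPT (RELATED not modelled)
        if self.stateful and p.flow() in self.tracked:
            return "ACCEPT"
        # -p tcp --dport N -j ACCEPT: a new connection to a mail port
        if p.dport in self.dports:
            self.tracked.add(p.flow())
            return "ACCEPT"
        # -p tcp --sport N -j ACCEPT: the stateless alternative
        if p.sport in self.sports:
            return "ACCEPT"
        return "DROP"

# Constructed addresses: client behind the firewall, mail server outside.
CLIENT, SERVER = "192.168.1.10", "203.0.113.5"

def session(fw, port):
    """Verdicts for the client's packet and the server's reply."""
    out = Packet(CLIENT, 40000, SERVER, port)
    back = Packet(SERVER, port, CLIENT, 40000)
    return fw.verdict(out), fw.verdict(back)

def unsolicited(fw, port):
    """A packet from a mail source port that answers no tracked connection."""
    return fw.verdict(Packet(SERVER, port, CLIENT, 40001))

if __name__ == "__main__":
    chains = {"as posted": Forward({25, 110}),
              "sport rules": Forward({25, 110}, sports={25, 110}),
              "state rule": Forward({25, 110}, stateful=True)}
    for name, fw in chains.items():
        print(name, session(fw, 25), session(fw, 110), unsolicited(fw, 25))
```

In this model both fixes let the replies through, but only the state rule still drops a packet that merely carries source port 25 without belonging to a connection opened from inside.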
