I run my mail server on CentOS 7. The server is the modem/router and as such has
two NICs: internal and external.
Since migrating to iptables, I cannot access the mail server anymore, neither
by telnet nor by web client.
My webserver works just fine. I can't find an error message in
/var/log/maillog or /var/log/messages.

I'd appreciate it if somebody could go through the lines underneath and tell me
if I am missing a port, or has some other idea why this is not working.

The firewall script has several chapters:
* Remove all previous rules, and delete any user-defined chains
* Set the default policies to DROP
* Loopback device OK
* Allow all ICMP traffic - IN, OUT and THROUGH
* Allow all internal traffic to the server
* Allow ALL packets out the external device
* MASQUERADING: all packets from the internal network will appear as if they
had originated from the firewall.
* Allow ALL EXT packets if a connection already exists
And then I open ports selectively; these are the ones for the mail server:

# POP3
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 110 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 995 -j ACCEPT

# IMAP
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 143 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 993 -j ACCEPT

# SMTP
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25  -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 465 -j ACCEPT

# Submission
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 587 -j ACCEPT
Thank you
Wolfgang
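The rule set described in the post, rebuilt as an added example that is not the poster's script: it generates the seven INPUT rules for the mail ports in one loop, has a dry-run mode so the rules can be reviewed without root, and adds two checks a practitioner would run when "I can't reach the mail server" appears after a firewall change: whether every mail port has an ACCEPT rule in the live `iptables -S INPUT` dump, and whether the daemons are actually listening on those ports per `ss -lnt` (a closed daemon looks exactly like a dropped packet from the outside). `EXT_DEV`, the `IPT` variable and the sample `ss` lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the poster's firewall script.
EXT_DEV="${EXT_DEV:-eth0}"      # assumed name of the external NIC
IPT="${IPT:-iptables}"          # assumed path to the iptables binary

# Run the rule, or just print it when DRY_RUN=1 (no root needed for review).
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# The mail ports opened in the post: SMTP, SMTPS, submission, POP3(S), IMAP(S).
MAIL_PORTS="25 465 587 110 995 143 993"

# One rule per port, same match chain as the post's rules.
mail_input_rules() {
    for port in $MAIL_PORTS; do
        ipt -A INPUT -i "$EXT_DEV" -m state --state NEW -m tcp -p tcp --syn \
            --dport "$port" -j ACCEPT
    done
}

# $1 = rule dump (e.g. output of `iptables -S INPUT`).
# Prints the mail ports that have no ACCEPT rule, space-separated.
missing_mail_ports() {
    dump="$1"
    missing=""
    for port in $MAIL_PORTS; do
        if ! printf '%s\n' "$dump" | grep -q -- "--dport $port .*-j ACCEPT"; then
            missing="$missing $port"
        fi
    done
    printf '%s\n' "${missing# }"
}

# $1 = listener dump (e.g. output of `ss -lnt`).
# Prints the mail ports nothing is bound to, space-separated.
not_listening_ports() {
    dump="$1"
    absent=""
    for port in $MAIL_PORTS; do
        # Local address column ends in ":PORT" followed by whitespace.
        if ! printf '%s\n' "$dump" | grep -Eq -- ":$port[[:space:]]"; then
            absent="$absent $port"
        fi
    done
    printf '%s\n' "${absent# }"
}

# Constructed sample of `ss -lnt` output: only SMTP and submission are bound.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    *:25               *:*
LISTEN 0      100    *:587              *:*
LISTEN 0      128    *:80               *:*'

# Live usage (as root):
#   DRY_RUN=1 sh thisfile.sh        # review the rules first
#   missing_mail_ports "$(iptables -S INPUT)"
#   not_listening_ports "$(ss -lnt)"
```

The two checks separate the cases the post cannot distinguish from the outside: if `missing_mail_ports` prints nothing but `not_listening_ports` prints `110 995 143 993`, the firewall is fine and Dovecot is not bound to the external address; if the rule dump is missing ports, the rule block never ran or was flushed by a later chapter of the script.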
