Please send your:
iptables -L output to the group. Maybe someone will help you out.
snip----
Also I am unable to telnet into the localhost port (i.e. telnet localhost 25).
This seems to mean you don't have an SMTP service running. So can you send your:
cat /etc/xinetd.d/smtp output to the group.
I am using qmail so it may be different from yours, and here is mine:
service smtp
{
        disable         = no
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = qmaild
        server          = /usr/sbin/tcpd
        server_args     = /var/qmail/bin/qmail-smtpd
}
Vinh
>
> Does anyone have any suggestions?
>
> When I have my firewall up and running with the rules beneath I am able
> to connect to the login page and log in, but after logging in I get an
> error msg: "unable to connect to your mail server".
>
> When I drop the firewall everything works OK. Also I am unable to telnet
> into the localhost port (i.e. telnet localhost 25).
>
> What could it be?
>
> Thx,
>
> Subject: Re: [SM-USERS] Using Squirrelmail and iptables
> From: <[EMAIL PROTECTED]>
> Date: Wed, March 19, 2003 5:24 pm
> To: <[EMAIL PROTECTED]>
>
>> Hello Cedric,
>> On Wednesday, March 19, 2003, Cedric Brown wrote...
>>
>>> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 143
>>> -j ACCEPT
>>
>> Did you set SquirrelMail to connect on localhost? If so, you're
>> missing a rule to allow all from localhost... localhost doesn't run
>> over eth0. Although, if this is all of your rules, then what you set up
>> is rather pointless as there doesn't seem to be any blocking rules.
>>
>> --
>> Jonathan Angliss
>> ([EMAIL PROTECTED])
> Beneath is a copy of my firewall script. Unless I am missing something,
> I am allowing localhost out, but when I try to telnet into any port from
> localhost (i.e. telnet localhost 25) it times out. Plz advise.
>
> # (1) Policies (default)
>
> iptables -P INPUT DROP
> #iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> # (2) User-defined chains for ACCEPTed TCP packets
>
> #iptables -N okay
> #iptables -A okay -p TCP --syn -j ACCEPT
> #iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
> #iptables -A okay -p TCP -j DROP
>
> # (3) INPUT chain rules
>
> # Rules for incoming packets from LAN
>
> ###Rejected Addresses
> #iptables -A INPUT -p all -i eth1 -s XXX.XXX.XXX.XXX -j REJECT
>
> ###Allowed Addresses
>
> iptables -A INPUT -p all -i eth1 -s XXX.XXX.0.0/16 -j ACCEPT
> iptables -A INPUT -p all -i l0 -s 127.0.0.1 -j ACCEPT
> iptables -A INPUT -p all -i l0 -s xxx.xxx.xxx.xxx -j ACCEPT
> iptables -A INPUT -p all -i l0 -s xxx.xxx.xxx.xxx -j ACCEPT
> iptables -A INPUT -p all -i eth1 -s 172.24.255.255 -j ACCEPT
>
> # Packets for established connections
> #iptables -A INPUT -p ALL -d xxx.xxx.xxx.xxx -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> #Added by SLS on 1/20/03
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # TCP Rules
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 21 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 22 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 80 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 443 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 110 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 1812 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 1813 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 25 -j ACCEPT #Added by CB on 1/9/03
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 143 -j ACCEPT
> #Added by SLS on 1/20/03
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 51075 -j ACCEPT
> iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 993 -j ACCEPT
>
> # UDP rules
> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 53 -j ACCEPT
> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 1812 -j ACCEPT
> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 1813 -j ACCEPT
> #Added by CB on 1/9/03
> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 143 -j ACCEPT
> #Added by CB on 1/31/03
> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 21 -j ACCEPT
>
> #Added by SLS on 1/20/03
> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 993 -j ACCEPT
>
> #Added by SLS on 03/11/03
> iptables -A INPUT -p UDP -i eth0 -s 0.0.0.0/0 --destination-port 51075 -j ACCEPT
>
> # ICMP rules
> iptables -A INPUT -p ICMP -i eth0 -s 0.0.0.0/0 --icmp-type 8 -j ACCEPT
> iptables -A INPUT -p ICMP -i eth0 -s 0.0.0.0/0 --icmp-type 11 -j ACCEPT
>
> # (4) FORWARD chain rules
> #Accept the packets we want to forward
>
> ###Rejected Addresses
>
> #iptables -A FORWARD -i eth0 -s -j REJECT
>
> ###Allowed Addresses
>
> iptables -A FORWARD -i eth1 -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # (5) OUTPUT chain rules
> # Only output packets with local addresses (no spoofing)
> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED
> iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
> iptables -A OUTPUT -p ALL -s xxx.xxx.xxx.xxx -j ACCEPT
> iptables -A OUTPUT -p ALL -s 172.24.10.10 -j ACCEPT
>
> # (6) POSTROUTING chain rules
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source xxx.xxx.xxx.xxx
>
> ### Port Forwarding ###
> iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 51075 -j DNAT --to-destination 172.24.10.11
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Tablet PC.
> Does your code think in ink? You could win a Tablet PC.
> Get a free Tablet PC hat just for playing. What are you waiting for?
> http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
> --
> squirrelmail-users mailing list
> List Address: [EMAIL PROTECTED]
> List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
> List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
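Added example, not code from this thread or from SquirrelMail: a small Python first-match simulator for the iptables INPUT chain that models only the matchers the quoted script uses (-P, -A INPUT, -i, -p, -s, --destination-port/--dport, -m state --state, -j). It makes Jonathan's point concrete: with a DROP policy, a port opened with "-i eth0" does nothing for a connection to 127.0.0.1, because that packet arrives on lo, and a single "-i lo" ACCEPT changes the verdict. It also includes the pre-load check a defender would run over a script: a rule naming an interface the host does not have can never match. The sample rule text, interface set and remote address 198.51.100.7 are constructed for the example, and rules with no -j are treated as counting-only, as iptables does.

```python
"""First-match simulator for a small subset of iptables INPUT rules (added example)."""
import ipaddress
import shlex
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Rule:
    target: str
    iface: Optional[str] = None
    proto: Optional[str] = None                  # None means "-p all"
    src: Optional[ipaddress.IPv4Network] = None
    dport: Optional[int] = None
    states: set = field(default_factory=set)     # from "-m state --state A,B"

@dataclass
class Packet:
    iface: str
    proto: str
    src: str
    dport: Optional[int] = None
    state: str = "NEW"

def parse_script(text: str):
    """Return (default policy, ordered rules) for the INPUT chain; unknown options raise."""
    policy, rules = "ACCEPT", []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        argv = shlex.split(line)
        if argv[0] != "iptables" or len(argv) < 4:
            continue
        if argv[1:3] == ["-P", "INPUT"]:
            policy = argv[3]
            continue
        if argv[1:3] != ["-A", "INPUT"]:
            continue                              # other chains are not modelled
        rule, i = Rule(target=""), 3
        while i < len(argv):
            opt = argv[i]
            val = argv[i + 1] if i + 1 < len(argv) else None
            if opt == "-i":
                rule.iface = val
            elif opt == "-p":
                rule.proto = None if val.lower() == "all" else val.lower()
            elif opt == "-s":
                rule.src = ipaddress.ip_network(val, strict=False)
            elif opt in ("--destination-port", "--dport"):
                rule.dport = int(val)
            elif opt == "--state":
                rule.states = set(val.upper().split(","))
            elif opt == "-j":
                rule.target = val
            elif opt != "-m":                     # "-m state" only names the module
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            i += 2
        if rule.target:   # a rule without -j only counts packets; it decides nothing
            rules.append(rule)
    return policy, rules

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every matcher set on the rule agrees with the packet."""
    return ((rule.iface is None or rule.iface == pkt.iface)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.src is None or ipaddress.ip_address(pkt.src) in rule.src)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (not rule.states or pkt.state in rule.states))

def verdict(policy: str, rules: list, pkt: Packet) -> str:
    """First matching rule wins; with no match the chain's default policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy

def unknown_interfaces(rules: list, present: set) -> set:
    """Interface names used in rules that the host lacks: those rules never match anything."""
    return {r.iface for r in rules if r.iface is not None and r.iface not in present}

# Constructed sample in the shape of the quoted script: default DROP, the
# state rule, and the mail ports opened on eth0 only (no loopback rule).
SAMPLE_SCRIPT = """
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 25 -j ACCEPT
iptables -A INPUT -p TCP -i eth0 -s 0.0.0.0/0 --destination-port 143 -j ACCEPT
"""
LOOPBACK_RULE = "iptables -A INPUT -i lo -j ACCEPT\n"    # the rule the reply says is missing

def new_tcp_verdict(script: str, iface: str, src: str, port: int) -> str:
    """Verdict for a NEW TCP connection to `port` from `src` arriving on `iface`."""
    policy, rules = parse_script(script)
    return verdict(policy, rules, Packet(iface, "tcp", src, dport=port))
```

Calling new_tcp_verdict(SAMPLE_SCRIPT, "lo", "127.0.0.1", 25) returns DROP while the same call with SAMPLE_SCRIPT + LOOPBACK_RULE returns ACCEPT, and a remote connection on eth0 to port 25 is accepted either way; unknown_interfaces(rules, {"lo", "eth1"}) flags "eth0" as a name that never matches on such a host, which is the check worth running over a script before loading it.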