Mail problems through IPTABLES

Post by Patric » Tue, 11 Mar 2003 20:56:13



Hello,

I'm having problems sending mail from my server.  I can overcome the problem
if I set the policy on my INPUT table to ACCEPT, but for several reasons I
prefer to have the policy set to DROP.  My IPTABLES policy statements are as
follows:

IPTABLES -P INPUT DROP
IPTABLES -P FORWARD ACCEPT
IPTABLES -P OUTPUT ACCEPT

When I change the policy to ACCEPT on the input chain I can send mail fine
but when I set the policy to DROP the mail gets hung up in the mail queue.  I
added the following rules:

IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
IPTABLES -A -i lo -m state --state NEW -j ACCEPT

but still can't send mail which originates locally when I set the policy on
the INPUT chain to DROP.  I'm sure this is something simple but I've been
unable to find any FAQs that address this issue.

Help!

Thanks,

Patrick

 
 
 

Post by deje1 » Wed, 12 Mar 2003 14:02:34


try forwarding udp also.

> Hello,

> I'm having problems sending mail from my server.  I can overcome the problem
> if I set the policy on my INPUT table to ACCEPT, but for several reasons I
> prefer to have the policy set to DROP.  My IPTABLES policy statements are as
> follows:

> IPTABLES -P INPUT DROP
> IPTABLES -P FORWARD ACCEPT
> IPTABLES -P OUTPUT ACCEPT

> When I change the policy to ACCEPT on the input chain I can send mail fine
> but when I set the policy to DROP the mail gets hung up in the mail queue.  I
> added the following rules:

> IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
> IPTABLES -A -i lo -m state --state NEW -j ACCEPT

> but still can't send mail which originates locally when I set the policy on
> the INPUT chain to DROP.  I'm sure this is something simple but I've been
> unable to find any FAQs that address this issue.

> Help!

> Thanks,

> Patrick


 
 
 

Post by acruxi » Wed, 12 Mar 2003 17:13:57



> Hello,

> I'm having problems sending mail from my server.  I can overcome the problem
> if I set the policy on my INPUT table to ACCEPT, but for several reasons I
> prefer to have the policy set to DROP.  My IPTABLES policy statements are as
> follows:

> IPTABLES -P INPUT DROP
> IPTABLES -P FORWARD ACCEPT
> IPTABLES -P OUTPUT ACCEPT

> When I change the policy to ACCEPT on the input chain I can send mail fine
> but when I set the policy to DROP the mail gets hung up in the mail queue.  I
> added the following rules:

> IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
> IPTABLES -A -i lo -m state --state NEW -j ACCEPT

> but still can't send mail which originates locally when I set the policy on
> the INPUT chain to DROP.  I'm sure this is something simple but I've been
> unable to find any FAQs that address this issue.

> Help!

> Thanks,

> Patrick

try

IPTABLES -A **INPUT** -i lo -m state --state NEW -j ACCEPT

 
 
 

Post by jack » Wed, 12 Mar 2003 18:56:36



> IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT

Try this: Replace "dport" with "sport". Your box will connect to the
SMTP server port 25 from an arbitrary local port. The server will reply
from port 25. So it is the _source_ port that you know, not the
arbitrary port on your local machine which will be different for each
connection.

You could also try with a state rule like "ESTABLISHED".

Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
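
Added example, not part of any post in this thread: a small Python model of first-match INPUT evaluation under a DROP policy, comparing the rules as first posted, the "--sport 25" suggestion and a state rule. The packet fields, the toy connection tracker, the addresses (documentation ranges) and the DNS lookup are constructed assumptions; the malformed "-A -i lo" line is assumed never to have loaded.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def flow(p):
    """Key of the outbound flow that this inbound packet would be a reply to."""
    return (p.proto, p.dst, p.dport, p.src, p.sport)

def verdict(rules, pkt, tracked, policy="DROP"):
    """First matching rule wins; otherwise the chain policy applies."""
    for name, match in rules:
        if match(pkt, tracked):
            return "ACCEPT via " + name
    return policy

# Constructed hosts and flows: the server opened one SMTP and one DNS flow
# (OUTPUT policy is ACCEPT, so both left the box and were tracked).
ME, MX, DNS, OTHER = "192.0.2.10", "198.51.100.25", "198.51.100.53", "203.0.113.99"
tracked = {("tcp", ME, 40000, MX, 25), ("udp", ME, 40001, DNS, 53)}

dport25 = ("--dport 25", lambda p, t: p.proto == "tcp" and p.dport == 25)
lo_any = ("-i lo", lambda p, t: p.iface == "lo")
sport25 = ("--sport 25", lambda p, t: p.proto == "tcp" and p.sport == 25)
established = ("--state ESTABLISHED", lambda p, t: flow(p) in t)

RULESETS = {
    "original": [dport25],                  # only the rule that loaded
    "sport": [dport25, lo_any, sport25],    # stateless source-port match
    "stateful": [established, lo_any, dport25],
}

PACKETS = {
    "smtp_reply": Pkt("eth0", "tcp", MX, 25, ME, 40000),   # reply to our SMTP flow
    "dns_reply": Pkt("eth0", "udp", DNS, 53, ME, 40001),   # reply to our lookup
    "unsolicited": Pkt("eth0", "tcp", OTHER, 25, ME, 22),  # no matching flow
}

def evaluate(ruleset):
    return {n: verdict(RULESETS[ruleset], p, tracked) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for name in RULESETS:
        print(name, evaluate(name))
```

In the model the source-port rule lets the SMTP reply in but also admits the unsolicited packet and still drops the DNS reply, while the state rule admits exactly the two replies. On a real host the state rule corresponds to `-m state --state ESTABLISHED,RELATED -j ACCEPT` placed early in the INPUT chain.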

 
 
 

1. using iptables to route thru specific interface?

Hi,

I have recently discovered that my ISP, who provides me with a vpn
tunnel for reception, is filtering out smtp, dns, telnet, ping and
other packets. Thus I can not telnet into my machine from the outside
even though I also have a DSL line to that server (that I use for
sending out thru).
This is set up on RH 7.1, using PPTP for the tunnel.
So what happens in a ping for example is this:
I ping from outside and it enters on eth0 which is the DSL connection.
The server sends a pong-reply but the reply is sent to the default
route which points to the VPN server thru ppp0.
The reply gets dropped in the VPN server.

So what I need is something that makes the reply packet bypass the
normal default route and go straight to the sender.
Someone told me I should be able to do this with iptables, but as I am
new to it I am not sure how.
Should I use DNAT? or mark the packages or what? I have read up on it
but am still confused.
Can this be done with ipchains?
I am sure someone has done the same before, maybe someone knows of a
good description on exactly what to do?

Best regards,
Tobias Skytte
