Diff between File I (iptablesRC) and File II (iptablesRC.2). File I works for incoming mail. File II does not work for incoming mail, and neither does pinging this server on its external interface NIC IP.
 
I could not figure out which difference in these port-allowing, reject or accept commands is keeping the incoming mail from coming in on RH Linux 7.3. Please help. Thanks.
 
------------------------------------------------------------------------------
[shossain@mohican shossain]$ diff /home/admin/firewall/iptablesRC /home/admin/firewall/iptablesRC.2 |  more
162c162
< $IPTABLES -A allowed -p TCP -j REJECT
---
> $IPTABLES -A allowed -p TCP -j DROP
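Review bot: the last TCP rule of the allowed chain (line 162) now ends in -j DROP instead of -j REJECT, so a TCP packet that reaches it gets no answer at all and the sending host waits for a timeout instead of seeing the connection refused. If the intent is to refuse cleanly, keep REJECT, for TCP ideally as `-j REJECT --reject-with tcp-reset`; if DROP is intended, note that in a comment, because it makes a blocked service indistinguishable from an unreachable host when troubleshooting.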
185,187c185,187
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1503 -j allowed
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3389 -j allowed
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 5001:65535 -j allowed
---
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 1500:65535 -j allowed
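Review bot: the single `--dport 1500:65535` rule is not equivalent to the three rules it replaces. File I sent only destination ports 1503, 3389 and 5001:65535 to the allowed chain; File II also sends every destination port from 1500 to 5000 there, which widens what is reachable from 0/0. Keep the explicit ports unless a service in the 1500-5000 range really has to be exposed, and add a comment naming it.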
192,200c192,200
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 22 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 25 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 42 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 80 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 113 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 143 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 174 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 443 -j ACCEPT
< $IPTABLES -A tcp_packets -p TCP -s 0/0 --source-port 5001:65535 -j ACCEPT
---
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 22 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 25 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 42 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 80 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 113 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 143 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 174 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 443 -j ACCEPT
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --sport 1500:65535 -j ACCEPT
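Review bot: every rule in this hunk, in both files, accepts TCP from 0/0 on its source port alone, and the source port is chosen by the sender, so a packet sent from port 25 or 80 is accepted by this chain whatever destination port it is aimed at. Matching return traffic on connection state, for example `-m state --state ESTABLISHED,RELATED -j ACCEPT`, lets replies in without trusting the source port. As for the diff itself, `--source-port` and `--sport` are the same option, so the first eight replaced lines are a spelling change only; the one functional difference is the last rule, where the accepted source-port range grows from 5001:65535 to 1500:65535.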
262d261
<
268d266
<
