You have to remove the reject rules on the chain table, because a chain in
the tables is run sequentially.
So you cannot receive any incoming connection through ports 143, 993 and 21
because the reject rule for all incoming connections was there before them.
It's better you move the reject rules to the end line of the chain tables
of RH-Firewall-1-INPUT.
In most RedHat, Fedora or Centos which are using SELINUX, even though you
have configured your iptables correctly, you also have to modify your SELINUX
configuration, so things will run properly.
[EMAIL PROTECTED] david]# system-config-securitylevel
Run the command to activate your SELINUX rules, or disable it ...
----- Original Message -----
From: "Ole J" <[EMAIL PROTECTED]>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Thursday, May 10, 2007 4:19 AM
Subject: Re: [qmailtoaster] Firewall rules
No, it isn't behind other firewalls.
Warren (mailing lists) wrote:
Ole J wrote:
This server has official static ip
This is my iptables:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j DROP
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ftp
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 25 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 443 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 10000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 20000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 587 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
# imap
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 143 --state NEW -j ACCEPT
# imapssl
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 993 --state NEW -j ACCEPT
# ftp
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
Eric "Shubes" wrote:
[EMAIL PROTECTED] wrote:
Hello,
It seems I have trouble getting my email programs to connect when I have
the linux firewall on, centos 5 builtin firewall.
Connection time out on whatever I try: pop3, imap, smtp, submission, ssl.
Clues? I have checked the iptables and it should be ok, still not
( yeah I have run firewall.sh :P )
B/R
Ole J
Is your toaster on a private IP address behind a firewall? If so, you'll
need to modify your toaster firewall.sh to allow traffic from your
local subnet.
Example (includes existing lines for reference):
## Drop all incoming fragments
iptables -A INPUT -i eth0 -f -j DROP
#
# shubes 5/16/06 - accept packets from local net
iptables -A INPUT -s 192.168.nnn.0/255.255.255.0 -j ACCEPT
#
## Drop outside packets with local addresses - anti-spoofing measure
You have your imap rules after your reject rule. That would explain imap
not working. I don't know about the rest.
W
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Please note that this message may contain confidential information. If you
have received this message by mistake, please inform the sender of the
mistake by sending a reply, then delete the message from your system
without
making, distributing or retaining any copies of it.
Although we believe that the message and any attachments are free from
viruses and other errors that might affect the computer or IT system where
it is received and read, the recipient opens the message at his or her own
risk. We assume no responsibility for any loss or damage arising from the
receipt or use of this message.
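The ordering problem diagnosed in this thread (ACCEPT rules placed after the catch-all REJECT in RH-Firewall-1-INPUT, so they can never match) can be caught mechanically. The following script is an added example, not code from the thread or from the qmailtoaster project: it reads iptables-save output and reports every rule that sits behind an unconditional REJECT or DROP in the same chain. The sample ruleset embedded below is constructed to mirror the posted configuration.

```shell
#!/bin/sh
# Added example, not from the thread: flag iptables rules that can never match
# because an unconditional REJECT/DROP earlier in the same chain already ended
# evaluation (a chain is walked top to bottom, first terminal match wins).
# Reads iptables-save format on stdin, prints "CHAIN: rule" per shadowed rule.
shadowed_rules() {
    awk '
        /^\*/ { split("", dead) }            # new table: forget per-chain state
        /^-A / {
            chain = $2
            if (chain in dead) { print chain ": " $0; next }
            # unconditional = "-A CHAIN -j TARGET" plus an optional --reject-with
            n = NF; if (n > 4 && $(n-1) == "--reject-with") n -= 2
            if (n == 4 && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) dead[chain] = 1
        }'
}

# Number of shadowed rules, for scripting (0 means the ordering is sound).
shadowed_count() { shadowed_rules | wc -l | tr -d ' '; }

# Constructed sample in the shape of the posted ruleset: the catch-all REJECT
# sits before the imap, imaps and ftp ACCEPTs, so those three are unreachable.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 25 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 143 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 993 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -m state --dport 21 --state NEW -j ACCEPT
COMMIT
EOF
}

# Check a live host with: iptables-save | shadowed_rules
sample_ruleset | shadowed_rules
```

On the sample it lists the three ACCEPT rules for ports 143, 993 and 21; moving them above the REJECT line (as the replies advise) brings the count to zero.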