[Linux] firewall question
blalock@ieee.org
Mon, 17 Jul 2000 07:45:10 -0400
Trying to get postfix to receive mail. I get the following message in
maillog when trying to send to the domain, kerryb@basicq.com.
422.E6301@basicq.com>
Jul 17 07:34:22 basicq postfix/qmgr[5332]: ED7A9A37B:
from=<kerryb@basicq.com>, size=384 (queue active)
Jul 17 07:34:28 basicq postfix/smtp[6457]: connect to
mail.basicq.com[64.34.101.201]: Connection refused (port 25)
Jul 17 07:34:28 basicq postfix/smtp[6457]: ED7A9A37B:
to=<kerryb@basicq.com>, relay=none, delay=6, status=deferred (connect to
mail.basicq.com[64.34.101.201]: Connection refused)
In my firewall, I have the following rules:
# POP server (110)
# ----------------
/sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
--source-port $UNPRIVPORTS \
-d $IPADDR 110 -j ACCEPT
/sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $IPADDR 110 \
--destination-port $UNPRIVPORTS -j ACCEPT
# ------------------------------------------------------------------
# SMTP server (25)
# ----------------
/sbin/ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
--source-port $UNPRIVPORTS \
-d $IPADDR 25 -j ACCEPT
/sbin/ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s $IPADDR 25 \
--destination-port $UNPRIVPORTS -j ACCEPT
==============
With the following definitions:
EXTERNAL_INTERFACE="eth1" # Internet connected interface
LOOPBACK_INTERFACE="lo" # or your local naming convention
LOCAL_INTERFACE_1="eth0" # internal LAN interface
IPADDR="64.34.101.201" # your IP address
LOCALNET_1="192.168.10.0/24" # whatever private range you use
UNPRIVPORTS="1024:65535" # unprivileged port range
I have the following before the rules:
echo 1 > /proc/sys/net/ipv4/ip_forward
And the following after the rules:
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.10.5/24 -j MASQ
Does this look right to allow mail through the firewall box, back to the
mail server?
Thanks,
Kerry
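
Added example, not part of the original post: a small Python parser for the postfix/smtp lines quoted above. It reports which address and port each refused connection was aimed at, and whether that address equals the IPADDR value from the firewall definitions. The function name analyse and the re-joined log lines are assumptions made for this example.

```python
import re

# Constructed sample: the maillog lines from the post, re-joined onto single lines.
SAMPLE_LOG = """\
Jul 17 07:34:22 basicq postfix/qmgr[5332]: ED7A9A37B: from=<kerryb@basicq.com>, size=384 (queue active)
Jul 17 07:34:28 basicq postfix/smtp[6457]: connect to mail.basicq.com[64.34.101.201]: Connection refused (port 25)
Jul 17 07:34:28 basicq postfix/smtp[6457]: ED7A9A37B: to=<kerryb@basicq.com>, relay=none, delay=6, status=deferred (connect to mail.basicq.com[64.34.101.201]: Connection refused)
"""

FIREWALL_IPADDR = "64.34.101.201"  # IPADDR from the firewall definitions in the post

# "connect to host[ip]: reason (port N)" lines written by the SMTP client
CONNECT_RE = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<reason>.+?) \(port (?P<port>\d+)\)\s*$"
)
# Per-recipient delivery lines that ended in status=deferred
DEFERRED_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+),.*status=deferred \((?P<detail>.*)\)\s*$"
)

def analyse(log_text, firewall_ip):
    """Return (connect_failures, deferred) parsed from postfix/smtp log lines."""
    failures, deferred = [], []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            failures.append({
                "host": m["host"], "ip": m["ip"], "port": int(m["port"]),
                "reason": m["reason"],
                # True when the SMTP client is dialling the firewall's own address
                "targets_firewall": m["ip"] == firewall_ip,
            })
            continue
        m = DEFERRED_RE.search(line)
        if m:
            deferred.append({"qid": m["qid"], "rcpt": m["rcpt"],
                             "relay": m["relay"], "detail": m["detail"]})
    return failures, deferred

if __name__ == "__main__":
    fails, defs = analyse(SAMPLE_LOG, FIREWALL_IPADDR)
    for f in fails:
        print(f"{f['host']} [{f['ip']}]:{f['port']} {f['reason']} firewall_ip={f['targets_firewall']}")
    for d in defs:
        print(f"{d['qid']} to {d['rcpt']} deferred, relay={d['relay']}")
```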