
iptables blocking email to server

Status
Not open for further replies.

ThomasJSmart

Programmer
Sep 16, 2002
634
I am at a bit of a loss with iptables.
The main application running on this server requires certain settings in iptables, but there are so many settings I'm not sure what is what.

It generally works fine, though the only problem at the moment seems to be that it is blocking the server from receiving emails, and I am not sure how to go about fixing that. (I'm almost sure it's iptables, because when I stop iptables email is received just fine.)

This is the full settings list. If anyone could tell me which commands to enter to get receiving email working, that would be awesome. Thanks!

Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
acctboth   all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  0.0.0.0/8            anywhere            
DROP       all  --  100.64.0.0/10        anywhere            
DROP       all  --  127.0.0.0/8          anywhere            
DROP       all  --  169.254.0.0/16       anywhere            
DROP       all  --  192.0.0.0/24         anywhere            
DROP       all  --  192.0.2.0/24         anywhere            
DROP       all  --  198.18.0.0/15        anywhere            
DROP       all  --  198.51.100.0/24      anywhere            
DROP       all  --  203.0.113.0/24       anywhere            
DROP       all  --  base-address.mcast.net/4  anywhere            
DROP       all  --  240.0.0.0/4          anywhere            
TMP_DROP   all  --  anywhere             anywhere            
TALLOW     all  --  anywhere             anywhere            
TDENY      all  --  anywhere             anywhere            
TGALLOW    all  --  anywhere             anywhere            
TGDENY     all  --  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere            tcp dpts:epmap:netbios-ssn 
DROP       udp  --  anywhere             anywhere            udp dpts:epmap:netbios-ssn 
DROP       tcp  --  anywhere             anywhere            tcp dpt:login 
DROP       udp  --  anywhere             anywhere            udp dpt:who 
DROP       tcp  --  anywhere             anywhere            tcp dpt:efs 
DROP       udp  --  anywhere             anywhere            udp dpt:router 
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds 
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-s 
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-s 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-m 
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-m 
DROP       tcp  --  anywhere             anywhere            tcp dpt:search-agent 
DROP       udp  --  anywhere             anywhere            udp dpt:search-agent 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ingreslock 
DROP       udp  --  anywhere             anywhere            udp dpt:ingreslock 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ctx-bridge 
DROP       udp  --  anywhere             anywhere            udp dpt:ctx-bridge 
IN_SANITY  all  --  anywhere             anywhere            
FRAG_UDP   all  --  anywhere             anywhere            
PZERO      all  --  anywhere             anywhere            
P2P        all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sunrpc 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nfs 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:infowave 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:radsec 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:gnunet 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:eli 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nbx-ser 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nbx-dir 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ndmp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:scp-config 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10002 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10003 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10005 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:892 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:filenet-rpc 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:32803 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pftp 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:sunrpc 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:nfs 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ndmp 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:scp-config 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:10002 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:10003 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:10005 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:892 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:filenet-rpc 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:32803 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:pftp 
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable limit: avg 30/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere            icmp redirect limit: avg 30/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded limit: avg 30/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply limit: avg 30/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere            icmp type 30 limit: avg 30/sec burst 5 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 30/sec burst 5 
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW 
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  resolver.[DATACENTER].net   anywhere            udp spt:domain dpts:1023:65535 
ACCEPT     tcp  --  resolver.[DATACENTER].net   anywhere            tcp spt:domain dpts:1023:65535 
DROP       tcp  --  anywhere             anywhere            tcp spt:domain dpts:1023:65535 
DROP       udp  --  anywhere             anywhere            udp spt:domain dpts:1023:65535 
ACCEPT     udp  --  resolver.[DATACENTER].net   anywhere            udp spt:domain dpts:1023:65535 
ACCEPT     tcp  --  resolver.[DATACENTER].net   anywhere            tcp spt:domain dpts:1023:65535 
DROP       tcp  --  anywhere             anywhere            tcp spt:domain dpts:1023:65535 
DROP       udp  --  anywhere             anywhere            udp spt:domain dpts:1023:65535 
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1023:65535 dpt:ftp state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh dpts:login:65535 state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:ssh flags:FIN,SYN,RST,ACK/SYN state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ssh state ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpts:traceroute:33534 
DROP       tcp  --  anywhere             anywhere            
DROP       udp  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
acctboth   all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
DROP       all  --  anywhere             0.0.0.0/8           
DROP       all  --  anywhere             100.64.0.0/10       
DROP       all  --  anywhere             127.0.0.0/8         
DROP       all  --  anywhere             169.254.0.0/16      
DROP       all  --  anywhere             192.0.0.0/24        
DROP       all  --  anywhere             192.0.2.0/24        
DROP       all  --  anywhere             198.18.0.0/15       
DROP       all  --  anywhere             198.51.100.0/24     
DROP       all  --  anywhere             203.0.113.0/24      
DROP       all  --  anywhere             base-address.mcast.net/4 
DROP       all  --  anywhere             240.0.0.0/4         
TMP_DROP   all  --  anywhere             anywhere            
TALLOW     all  --  anywhere             anywhere            
TDENY      all  --  anywhere             anywhere            
TGALLOW    all  --  anywhere             anywhere            
TGDENY     all  --  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere            tcp dpts:epmap:netbios-ssn 
DROP       udp  --  anywhere             anywhere            udp dpts:epmap:netbios-ssn 
DROP       tcp  --  anywhere             anywhere            tcp dpt:login 
DROP       udp  --  anywhere             anywhere            udp dpt:who 
DROP       tcp  --  anywhere             anywhere            tcp dpt:efs 
DROP       udp  --  anywhere             anywhere            udp dpt:router 
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds 
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-s 
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-s 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ms-sql-m 
DROP       udp  --  anywhere             anywhere            udp dpt:ms-sql-m 
DROP       tcp  --  anywhere             anywhere            tcp dpt:search-agent 
DROP       udp  --  anywhere             anywhere            udp dpt:search-agent 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ingreslock 
DROP       udp  --  anywhere             anywhere            udp dpt:ingreslock 
DROP       tcp  --  anywhere             anywhere            tcp dpt:ctx-bridge 
DROP       udp  --  anywhere             anywhere            udp dpt:ctx-bridge 
OUT_SANITY  all  --  anywhere             anywhere            
FRAG_UDP   all  --  anywhere             anywhere            
PZERO      all  --  anywhere             anywhere            
P2P        all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:1024:65535 state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:1024:65535 state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             resolver.[DATACENTER].net  udp spts:1023:65535 dpt:domain 
ACCEPT     tcp  --  anywhere             resolver.[DATACENTER].net  tcp spts:1023:65535 dpt:domain 
ACCEPT     udp  --  anywhere             resolver.[DATACENTER].net  udp spts:1023:65535 dpt:domain 
ACCEPT     tcp  --  anywhere             resolver.[DATACENTER].net  tcp spts:1023:65535 dpt:domain 
ACCEPT     udp  --  anywhere             resolver.[DATACENTER].net  udp spts:1023:65535 dpt:domain 
ACCEPT     tcp  --  anywhere             resolver.[DATACENTER].net  tcp spts:1023:65535 dpt:domain 
ACCEPT     udp  --  anywhere             resolver.[DATACENTER].net  udp spts:1023:65535 dpt:domain 
ACCEPT     tcp  --  anywhere             resolver.[DATACENTER].net  tcp spts:1023:65535 dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            multiport dports ftp,ftp-data state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpts:traceroute:33534 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 

Chain FRAG_UDP (2 references)
target     prot opt source               destination         
DROP       udp  -f  anywhere             anywhere            

Chain IN_SANITY (1 references)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN 
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,RST/FIN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN 
DROP       tcp  --  anywhere             anywhere            tcp flags:ACK,URG/URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:PSH,ACK/PSH 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN 

Chain OUT_SANITY (1 references)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN/FIN,SYN 
DROP       tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,RST/FIN,RST 
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,ACK/FIN 
DROP       tcp  --  anywhere             anywhere            tcp flags:PSH,ACK/PSH 
DROP       tcp  --  anywhere             anywhere            tcp flags:ACK,URG/URG 

Chain P2P (2 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere            tcp dpt:kazaa reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:kazaa reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:kazaa dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:3d-nfsd reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:3d-nfsd reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:3d-nfsd dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpts:smaclmgr:traversal reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:smaclmgr:traversal dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:6257 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:6257 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:6257 dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:6699 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:6699 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:6699 dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:gnutella-svc reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:gnutella-rtr reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:gnutella-rtr reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:gnutella-rtr dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpts:6881:6889 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:6881:6889 dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:gnutella-svc reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:gnutella-svc reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:gnutella-svc dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:interwise reject-with icmp-port-unreachable 
REJECT     tcp  --  anywhere             anywhere            tcp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spts:1024:65534 dpt:interwise reject-with icmp-port-unreachable 
REJECT     udp  --  anywhere             anywhere            udp spt:interwise dpts:1024:65534 reject-with icmp-port-unreachable 

Chain PROHIBIT (0 references)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain PZERO (2 references)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere            tcp dpt:0 
DROP       udp  --  anywhere             anywhere            udp dpt:0 
DROP       tcp  --  anywhere             anywhere            tcp spt:0 
DROP       udp  --  anywhere             anywhere            udp spt:0 

Chain RESET (0 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset 

Chain TALLOW (2 references)
target     prot opt source               destination         

Chain TDENY (2 references)
target     prot opt source               destination         

Chain TGALLOW (2 references)
target     prot opt source               destination         

Chain TGDENY (2 references)
target     prot opt source               destination         

Chain TMP_DROP (2 references)
target     prot opt source               destination         

Chain acctboth (2 references)
target     prot opt source               destination         
           tcp  --  os.[OURDOMAIN].net    anywhere            tcp dpt:http 
           tcp  --  anywhere             os.[OURDOMAIN].net   tcp spt:http 
           tcp  --  os.[OURDOMAIN].net    anywhere            tcp dpt:smtp 
           tcp  --  anywhere             os.[OURDOMAIN].net   tcp spt:smtp 
           tcp  --  os.[OURDOMAIN].net    anywhere            tcp dpt:pop3 
           tcp  --  anywhere             os.[OURDOMAIN].net   tcp spt:pop3 
           icmp --  os.[OURDOMAIN].net    anywhere            
           icmp --  anywhere             os.[OURDOMAIN].net   
           tcp  --  os.[OURDOMAIN].net    anywhere            
           tcp  --  anywhere             os.[OURDOMAIN].net   
           udp  --  os.[OURDOMAIN].net    anywhere            
           udp  --  anywhere             os.[OURDOMAIN].net   
           all  --  os.[OURDOMAIN].net    anywhere            
           all  --  anywhere             os.[OURDOMAIN].net   
           tcp  --  o-ns2.[OURDOMAIN].net  anywhere            tcp dpt:http 
           tcp  --  anywhere             o-ns2.[OURDOMAIN].net tcp spt:http 
           tcp  --  o-ns2.[OURDOMAIN].net  anywhere            tcp dpt:smtp 
           tcp  --  anywhere             o-ns2.[OURDOMAIN].net tcp spt:smtp 
           tcp  --  o-ns2.[OURDOMAIN].net  anywhere            tcp dpt:pop3 
           tcp  --  anywhere             o-ns2.[OURDOMAIN].net tcp spt:pop3 
           icmp --  o-ns2.[OURDOMAIN].net  anywhere            
           icmp --  anywhere             o-ns2.[OURDOMAIN].net 
           tcp  --  o-ns2.[OURDOMAIN].net  anywhere            
           tcp  --  anywhere             o-ns2.[OURDOMAIN].net 
           udp  --  o-ns2.[OURDOMAIN].net  anywhere            
           udp  --  anywhere             o-ns2.[OURDOMAIN].net 
           all  --  o-ns2.[OURDOMAIN].net  anywhere            
           all  --  anywhere             o-ns2.[OURDOMAIN].net 
           all  --  anywhere             anywhere

I believe iptables reads your config from top to bottom, so make sure you are not dropping anything before the smtp rule.

Try putting the smtp rule towards the top.
 
I agree with gorge544; in fact, this looks like it could be your problem:
Code:
DROP       tcp  --  anywhere             anywhere            
DROP       udp  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp

Looking at your IPTables configuration, I would seriously advocate a massive overhaul of it. I would suggest you start by identifying what you need to accomplish, as in what traffic you want to allow. Keep the focus on what you want to allow; don't worry about what you want to drop. Once you have identified this, write a new IPTables configuration that sets the policy to accept so that you can safely flush the rules without losing your connection, write a line for your accepts, and then create a default DROP rule. Realize that this will allow only what you specify and remove everything else. Hence, it will no longer be necessary to have specialized rules for things like "reject kazaa", as they will be completely redundant.

Also keep in mind that each rule consumes (processing) resources, and the simpler you can make your table the better. Another example is the code section I quoted above. Notice that you have three rules: drop TCP, drop UDP, and DROP ALL. Unless these are on different interfaces, this is uselessly redundant and the drop all would suffice.

Here is an excellent IPTables tutorial. If you Google "bodhi zazen iptables" you will find this one, as well as his others that will be of benefit to you.
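The two helpers below are an added example, not code from the thread or its posters: one reads an `iptables -L` listing in the format of the question and reports ACCEPT rules that an earlier catch-all DROP makes unreachable (the ordering problem both replies point at), the other applies the rebuild the second reply recommends. The allow list (ssh, smtp, http, dns) and the `IPT` variable are my assumptions.

```shell
#!/bin/sh
# Added example for the thread above (not the poster's or the repliers' code).
#   shadowed_rules - reads an `iptables -L <chain>` listing in the format shown
#                    in the question and reports ACCEPT rules that sit below an
#                    unconditional DROP/REJECT of the same protocol, so they can
#                    never match (the smtp rule at the bottom of INPUT above).
#   rebuild_input  - applies the rebuild the second reply recommends: policy
#                    ACCEPT first, flush, explicit accepts, default DROP last.
# Assumptions: the allow list in rebuild_input and the IPT variable are mine.

shadowed_rules() {
    awk '
        /^Chain /  { chain = $2; dead_all = dead_tcp = dead_udp = 0; next }
        /^target / { next }                      # column header line
        NF == 0    { next }                      # blank separator line
        {
            target = $1; proto = $2; opt = $3
            # A catch-all rule has "--" options, any source, any destination
            # and nothing after the destination column ("0.0.0.0/0" with -n).
            catchall = (NF == 5 && opt == "--" &&
                        ($4 == "anywhere" || $4 == "0.0.0.0/0") &&
                        ($5 == "anywhere" || $5 == "0.0.0.0/0"))
            if ((target == "DROP" || target == "REJECT") && catchall) {
                if (proto == "all") dead_all = 1
                if (proto == "tcp") dead_tcp = 1
                if (proto == "udp") dead_udp = 1
                next
            }
            # Only fully shadowed ACCEPTs are reported; an ACCEPT all after a
            # DROP tcp is still reachable for other protocols.
            if (target == "ACCEPT" &&
                (dead_all || (proto == "tcp" && dead_tcp) || (proto == "udp" && dead_udp)))
                printf "%s: unreachable rule: %s\n", chain, $0
        }
    ' "$@"
}

# Rebuild INPUT in the order the second reply describes. IPT names the binary;
# run with IPT=echo to preview the commands without touching the kernel.
rebuild_input() {
    IPT=${IPT:-iptables}
    tcp_ports="22 25 80 53"   # assumed allow list: ssh, smtp, http, dns
    udp_ports="53"
    "$IPT" -P INPUT ACCEPT    # open policy first, so the flush cannot lock us out
    "$IPT" -F INPUT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    for p in $tcp_ports; do
        "$IPT" -A INPUT -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in $udp_ports; do
        "$IPT" -A INPUT -p udp --dport "$p" -j ACCEPT
    done
    "$IPT" -A INPUT -j DROP   # default deny goes last; anything below it is dead
}

# Constructed listing (abridged) reproducing the ordering from the question.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       udp  -f  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere
DROP       udp  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
EOF
}

check_sample() { sample_listing | shadowed_rules; }

# Real use: iptables -L INPUT | shadowed_rules
```

Plain `iptables -L` hides interface matches, so a rule that looks like a catch-all (such as the `ACCEPT all` near the top of the INPUT chain in the question, which may be restricted to an interface like lo) may not be one; confirm with `iptables -L -v -n --line-numbers` before trusting the report.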
 
