iptables

Hi

I'm trying to work out some network service on the SMTP protocol.

I tried to follow the communication on SMTP by catching the packets with Ethereal.

It is a mail client application on Slackware Linux, KMail.
I sent a stupid mail to see how it flows over that protocol.
It didn't work. I did not catch any packets!?

So I took a look at my iptables chains:

# the policy setting: drop everything not explicitly accepted
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# DNS and HTTP allowed
iptables -A INPUT -p udp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

# And SMTP allowed
iptables -A INPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT


I set the iptables policy to ACCEPT on OUTPUT and INPUT, tried again and it worked!

I caught the packets communicating on ports 53 and 25 (DNS, SMTP) and no others.

I have these ports allowed in the iptables chains, so why is it blocking the communication?

What port am I missing??

Please help.

slacke
Junior Poster
106 posts since Jun 2006
Reputation Points: 14
Solved Threads: 7
 

I got it!

These rules are only true for an outgoing connection, because the OUTPUT table has allowed --dport 25 (destination port) only.

# And SMTP allowed
iptables -A INPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT


But when there is an incoming connection from a mail client, the whole process is reversed.

# SMTP client calling
iptables -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT


The client has sent a packet targeted to my INPUT table as to --dport 25, and the same reversed on the OUTPUT table.
It makes sense after all :confused:

Just in case someone has the same problem.

slacke

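To make the sport/dport reversal concrete, here is a small Python model of the two rule pairs from the thread; it is an added example, not code from the posts, with a simplified conntrack and constructed 10.0.0.x addresses. It also checks a tightened client pair, where the INPUT reply rule needs only ESTABLISHED rather than the post's NEW,ESTABLISHED, so an unsolicited inbound packet that merely carries source port 25 is not accepted.

```python
def parse_rule(line: str) -> dict:
    """Parse the subset of iptables syntax used in the thread into a dict."""
    t = line.split()
    after = lambda flag: t[t.index(flag) + 1]
    port = lambda flag: int(after(flag)) if flag in t else None
    return {"chain": after("-A"), "proto": after("-p"), "sport": port("--sport"),
            "dport": port("--dport"), "states": set(after("--state").split(",")),
            "target": after("-j")}

class Firewall:
    """Filter chains with policy DROP plus a toy conntrack (a simplification):
    a flow is NEW until one of its packets is accepted, ESTABLISHED afterwards."""
    def __init__(self, rules: list):
        self.rules, self.seen = [parse_rule(r) for r in rules], set()

    def filter(self, chain: str, src: tuple, dst: tuple, proto: str = "tcp") -> str:
        """src and dst are (ip, port); first matching rule wins, else the policy."""
        flow = (proto, frozenset((src, dst)))
        state = "ESTABLISHED" if flow in self.seen else "NEW"
        for r in self.rules:
            if (r["chain"] == chain and r["proto"] == proto and state in r["states"]
                    and r["sport"] in (None, src[1]) and r["dport"] in (None, dst[1])):
                if r["target"] == "ACCEPT":
                    self.seen.add(flow)  # conntrack entry confirmed once a packet passes
                return r["target"]
        return "DROP"

def smtp_handshake(fw: Firewall, local_is_client: bool) -> list:
    """Verdicts for SYN, SYN/ACK, ACK of one SMTP connection (constructed addresses)."""
    local, remote = ((("10.0.0.2", 40000), ("10.0.0.1", 25)) if local_is_client
                     else (("10.0.0.2", 25), ("10.0.0.3", 51000)))
    out, inc = ("OUTPUT", local, remote), ("INPUT", remote, local)
    return [fw.filter(*p) for p in ([out, inc, out] if local_is_client else [inc, out, inc])]

# First post's pair (this host is the SMTP client) ...
CLIENT_RULES = [
    "iptables -A INPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT"]
# ... the reversed pair from the second post (this host is the SMTP server) ...
SERVER_RULES = [
    "iptables -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT"]
# ... and a tightened client pair: replies only need ESTABLISHED, so a stray
# inbound packet that merely carries source port 25 no longer matches on INPUT.
TIGHT_CLIENT_RULES = [
    "iptables -A INPUT -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT",
    CLIENT_RULES[1]]
```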
This question has already been solved
