Member Avatar for slacke

Hi

I'm trying to work out some network service on smpt protocol.

I tried to follow the communication on SMTP by catching the packets with ethereal.

It is a mail client application on slackware linux - KMail.
I send a stupid mail to see how it flows over that protocol.
It didn't work. I did not catche any packets!?

So I take a look at my iptables chains:

# the policy setting
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# DNS and HTML allowed
iptables -A INPUT -p udp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

# And SMPT allowed
iptables -A INPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

I set the IP tables policy to ACCEPT on OUTPUT and INPUT, tried again and it worked!

I catched the packets communicating on port 53, 25 (DNS,SMTP) and no other.

I have this ports allowed in the iptables chains, why it is blocking the communication.

What port i'm missing??

Pls. help

  • 1 Contributor
  • 1 Reply
  • 114 Views
  • 3 Weeks Discussion Span
  • Latest Post Latest Post by slacke
Member Avatar for slacke

I got it!

these rules are only true for outgoing connection - because of OUTPUT table has allowed --dport 25 (destination port) only.

#And SMPT allowed
iptables -A INPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

But when there is an incoming connection from mail client the whole process is reversed.

# SMPT client calling
iptables -A INPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

The client has sent a packet targeted to my INPUT table as to a --dport 25 and same reverse on OUTPUT table.
It gives sense at all :confused:

Just for case if someone has the same problem.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.