Re: Iptables, tcpdump and smtp... Hmmm
From: Sangwon So (hielf@haninternet.co.kr) Date: 12/21/01
From: "Sangwon So" <hielf@haninternet.co.kr> Date: Fri, 21 Dec 2001 09:35:45 +0900
You must open port 53 (UDP and TCP).
"Edoardo Costa" <edoardocosta@yahoo.com> wrote in message
news:b400961b.0112201443.59cf0609@posting.google.com...
> Hi all,
> I got a little problem with my fw and I can't figure out what's wrong.
>
> I opened it up (smtp) to make sure I could send my mail:
>
> $ipt -A INPUT -v -p TCP --dport 25 -j ACCEPT
> $ipt -A OUTPUT -v -p TCP --dport 25 -j ACCEPT
>
> (short term solution ;)
>
> My mail still doesn't go out!
> I ran a tcp dump with the firewall activated and one without. The
> mail only goes out *without* the firewall and the only difference I
> can find in the tcpdump log is that the mail isn't pushed (P flag).
>
> Can anyone tell me what I'm restricting?
>
> A sample of the tcp dumps and a cut of my fw script.
>
> Many thanks
> Ed.
>
>
> TCPDUMP with firewall:
> ----------------------
> 23:19:52.859180 < mta-v12.level3.mail.yahoo.com.smtp >
> 213-193-176-112.adsl.easynet.be.1052: . 1:1(0) ack 1 win 16944 (DF)
> 23:19:52.859180 < mta-v12.level3.mail.yahoo.com.smtp >
> 213-193-176-112.adsl.easynet.be.1052: S 665258338:665258338(0) ack
> 1313812476 win 16944 <mss 1412> (DF)
> 23:19:58.879180 < mta-v11.level3.mail.yahoo.com.smtp >
> 213-193-176-112.adsl.easynet.be.1051: R 1:1(0) ack 1 win 65535 (DF)
> 23:20:04.689180 > 213-193-176-112.adsl.easynet.be.1052 >
> mta-v12.level3.mail.yahoo.com.smtp: S 1313812475:1313812475(0) win
> 5808 <mss 1452,sackOK,timestamp 196576 0,nop,wscale 0> (DF)
>
> TCPDUMP without firewall:
> -------------------------
> 23:21:53.359180 > 213-193-176-112.adsl.easynet.be.1054 >
> mta-v18.level3.mail.yahoo.com.smtp: . 1:1(0) ack 1 win 5808 (DF)
> 23:21:53.719180 < mta-v18.level3.mail.yahoo.com.smtp >
> 213-193-176-112.adsl.easynet.be.1054: P 1:54(53) ack 1 win 16944 (DF)
> 23:21:53.719180 > 213-193-176-112.adsl.easynet.be.1054 >
> mta-v18.level3.mail.yahoo.com.smtp: . 1:1(0) ack 54 win 5808 (DF)
> 23:21:53.729180 > 213-193-176-112.adsl.easynet.be.1054 >
> mta-v18.level3.mail.yahoo.com.smtp: P 1:26(25)
>
> firewall (temp and unsecure I insist :)
> # Enable DNS
> $ipt -A INPUT -v -p UDP --sport 53 -i ppp0 -s x.x.x.x -d $WWWIF -j ACCEPT
> $ipt -A OUTPUT -v -p UDP --dport 53 -o ppp0 -d x.x.x.x -s $WWWIF -j ACCEPT
>
> # Enable SMTP - Open to the world in OUTPUT -needs securing-
> $ipt -A INPUT -v -p TCP --dport 25 -j ACCEPT
> $ipt -A OUTPUT -v -p TCP --dport 25 -j ACCEPT
>
> # Enable ICMP
> $ipt -A INPUT -v -p ICMP -j ACCEPT
> $ipt -A OUTPUT -v -p ICMP -j ACCEPT
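
The quoted rules can be evaluated against the kinds of packets seen in the quoted tcpdump with a small stateless model. This is an added example, not part of the original thread: it assumes both chains fall through to a DROP policy (the post shows only a cut of the script), and the host name `mta` and the ports 1030 and 1031 are constructed.

```python
# Added example: a minimal stateless model of the quoted INPUT/OUTPUT rules.
# Assumption: both chains fall through to a DROP policy (not shown in the post).
RESOLVER = "x.x.x.x"  # placeholder kept from the quoted script
WWWIF = "WWWIF"       # stands in for the address held in $WWWIF

# Each rule lists only the fields the quoted iptables line matches on.
RULES = {
    "INPUT": [
        {"proto": "udp", "sport": 53, "iface": "ppp0", "src": RESOLVER, "dst": WWWIF},
        {"proto": "tcp", "dport": 25},
        {"proto": "icmp"},
    ],
    "OUTPUT": [
        {"proto": "udp", "dport": 53, "iface": "ppp0", "dst": RESOLVER, "src": WWWIF},
        {"proto": "tcp", "dport": 25},
        {"proto": "icmp"},
    ],
}

def verdict(chain, packet, policy="DROP"):
    """ACCEPT if every field of some rule equals the packet's, else the policy."""
    for rule in RULES[chain]:
        if all(packet.get(field) == value for field, value in rule.items()):
            return "ACCEPT"
    return policy

def pkt(proto, src, sport, dst, dport, iface="ppp0"):
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "iface": iface}

# Constructed packets; ports 1052 and 25 mirror the quoted tcpdump.
SAMPLES = [
    ("OUTPUT", "SMTP SYN", pkt("tcp", WWWIF, 1052, "mta", 25)),
    ("INPUT", "SMTP SYN-ACK", pkt("tcp", "mta", 25, WWWIF, 1052)),
    ("OUTPUT", "DNS query/UDP", pkt("udp", WWWIF, 1030, RESOLVER, 53)),
    ("INPUT", "DNS reply/UDP", pkt("udp", RESOLVER, 53, WWWIF, 1030)),
    ("OUTPUT", "DNS query/TCP", pkt("tcp", WWWIF, 1031, RESOLVER, 53)),
]

def evaluate():
    """Map each sample packet's label to the verdict of its chain."""
    return {name: verdict(chain, packet) for chain, name, packet in SAMPLES}

if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:15} {result}")
```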