Re: iptables newbie question
From: skubik (vkube_at_yahoo.com)
Date: 08/13/03
- Next message: Allan K: "scan? on increasing ports"
- Previous message: Keith Keller: "Re: Possiible Kmail virus."
- In reply to: Tim Haynes: "Re: iptables newbie question"
- Next in thread: Christian Gorecki: "Re: iptables newbie question"
- Reply: Christian Gorecki: "Re: iptables newbie question"
- Reply: Tim Haynes: "Re: iptables newbie question"
- Reply: John SMith: "Re: iptables newbie question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Aug 2003 21:17:27 GMT
On Wed, 13 Aug 2003 13:22:41 +0100, Tim Haynes wrote:
>
> You mean you're providing those services on this box?
I'm providing SSH and WWW on my box, but I use the system as my
workstation as well, so it's not a dedicated server. So those are the only
services I'm providing.
>> iptables -A INPUT -s <mail provider server> -p tcp --dport 25 -j ACCEPT
>
> I don't see that ever matching anything. Look at what you're saying:
>
> if
> it's coming into your box &&
> from your mail server &&
> protocol tcp &&
> destined for port 25
> then
> accept it
>
> I can't make out whether you should've used an OUTPUT rule and swapped -s
> to -d because you want to limit the services to which you may connect, or
> whether you're the provider controlling what stuff can come in to you.
My objective with this was only to accept packets on port 25 that are
coming from the e-mail server. I am not providing SMTP on my box, but
merely want to limit connections on that port ONLY to the e-mail server
hosting my e-mail account.
Perhaps that is the biggest problem I'm having: does the INPUT chain only
apply to anonymous outside connections made to my system, or does it also
apply to return connections made from requests on my system?
For example, on this box, if I open a browser and request yahoo.com, where
does the yahoo.com server return the information to on my system (what
port? what chain does it apply to?)
> Well, the other thing that could have been going wrong with the now-snipped
> rules is handling of return packets. If you're connecting from your box to
> a mail-server, then packets have to flow back the way as well.
Yeah, that's kinda what I mean, WHERE do those packets flow to and on what
chain?
- skubik.
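The ruleset below is an added example, not code from either poster. It shows one way to express the setup discussed in this thread (SSH and WWW served locally, SMTP only as a client to one mail server) so that return packets, which arrive on INPUT with an ephemeral destination port, are accepted by the connection tracker rather than by a per-port rule. The mail server address 192.0.2.25 is a placeholder; the rules are emitted in iptables-restore format so they can be reviewed before loading.

```shell
#!/bin/sh
# Added example: minimal stateful ruleset for a workstation that serves
# SSH and WWW and only talks SMTP to a single provider mail server.
# MAILSERVER is a placeholder address; replace it with your provider's host.
MAILSERVER="${MAILSERVER:-192.0.2.25}"

# Emit the ruleset instead of calling iptables directly, so it can be
# inspected first and then loaded with:  gen_rules | iptables-restore
gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections this box opened (e.g. the yahoo.com page you
# requested) come back on INPUT with an ephemeral destination port. The
# connection tracker classifies them as ESTABLISHED, so this one rule
# covers return traffic for every client connection.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services this box provides: new inbound SSH and WWW connections.
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
# SMTP: this box is the client, so the restriction belongs on OUTPUT
# with -d (destination), not on INPUT with -s.
-A OUTPUT -p tcp -d $MAILSERVER --dport 25 -m state --state NEW -j ACCEPT
# Other outbound client traffic the workstation needs (DNS, web).
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 53,80,443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Count rules in the generated set that reference a given chain.
count_chain_rules() {
    gen_rules | grep -c "^-A $1 "
}
```

Lines beginning with `#` are ignored by iptables-restore, so the comments can stay in the loaded file.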