linux firewall operational

By manoj_u_99 ·
Hello,
I have implemented a firewall using ipchains with kernel 2.1.12, but I have a problem. The emails from outside mail servers like Yahoo or Hotmail do not reach the internal mail servers in the LAN.
Please do give a solution of how to write the script to enable this.
Any help is welcome.
Thank you.


linux firewall operational

by Astute In reply to linux firewall operationa ...

You need to accept SMTP connections from the external world ...
so add this rule

# Allow email connections to outside email servers
/sbin/ipchains -A my-chain -p tcp -s 192.1.2.10 -d 0.0.0.0/0 smtp -j ACCEPT

Hope this helps :)
Thanks
sharan


linux firewall operational

by manoj_u_99 In reply to linux firewall operationa ...

The question was auto-closed by TechRepublic


linux firewall operational

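Mine (script) works fine with all mail servers & messengers, Yahoo games, dialpad.com, etc.
Here it is:
# Load module dependencies and the masquerading helper modules for FTP and IRC
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
# Enable IP forwarding and dynamic-address handling
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Accept web traffic to these destinations; redirect all other web traffic to local port 3128
/sbin/ipchains -A input -p TCP -d 127.0.0.1/24 www -j ACCEPT
/sbin/ipchains -A input -p TCP -d 192.168.1.0/24 www -j ACCEPT
/sbin/ipchains -A input -p TCP -d any/0 www -j REDIRECT 3128
# Masquerading timeouts in seconds: TCP, TCP after FIN, UDP
/sbin/ipchains -M -S 7200 10 160
# Deny forwarding by default, then masquerade traffic from the LAN
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.1.1/24 -j MASQ

It's very simple but works fine.
Good luck!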

Luis


linux firewall operational

Sorry, the last line should read
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ

and I use the default squid port (312

Hope it works for you.

linux firewall operational

by rory.plaire In reply to linux firewall operationa ...

Hi,

I think shrankumar's answer is almost right; what it is missing is the reverse, or outbound, connection to the server. In the following, mychain can be any user chain or built-in chain like input or forward.
Try:
/sbin/ipchains -A mychain -p tcp -b -s <your lan ip/subnet> www -d 0/0 -j ACCEPT
(added is the -b switch for a bidirectional connection)

-also-
Since Hotmail (presumably also Yahoo) is an https:// connection, you will need:
/sbin/ipchains -A mychain -p tcp -b -s <your lan ip/subnet> 443 -d 0/0 -j ACCEPT
(port 443 is the SSL port for HTTP)

Note: to make it more secure against a DoS, accept only connections without the SYN bit set. You will need two statements, then, for each connection. Like:
/sbin/ipchains -A mychain -p tcp -s <your lan ip/subnet> 443 -d 0/0 www -j ACCEPT
and then:
/sbin/ipchains -A mychain -p tcp ! -y -s 0/0 443 -d <your lan ip/subnet> -j ACCEPT
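
The SYN-bit note in the post above, as an added example (not part of the original post, and a model rather than real ipchains code): a small Python first-match filter showing what the `! -y` test changes for an inbound reply rule. The subnet, the sample addresses, the DENY policy and the placement of port 443 on the remote side are assumptions; `-y` is modelled as SYN set with ACK and FIN clear.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumption: the LAN subnet used earlier in the thread
ANY = ip_network("0.0.0.0/0")

def is_syn(flags):
    """Model of ipchains -y: SYN set, ACK and FIN clear (a connection request)."""
    return "SYN" in flags and not ({"ACK", "FIN"} & set(flags))

# Rule fields: src net, src port, dst net, dst port, syn test, target.
# Port None = any port. Syn test: None = not checked, False = "! -y".
OUTBOUND = (LAN, None, ANY, 443, None, "ACCEPT")  # LAN -> remote port 443 (assumed placement)
WITH_SYN_CHECK = [OUTBOUND, (ANY, 443, LAN, None, False, "ACCEPT")]
WITHOUT_SYN_CHECK = [OUTBOUND, (ANY, 443, LAN, None, None, "ACCEPT")]

def verdict(rules, pkt, policy="DENY"):
    """First matching rule decides; otherwise the chain policy (assumed DENY) applies."""
    for src, sport, dst, dport, syn, target in rules:
        if ip_address(pkt["src"]) not in src or ip_address(pkt["dst"]) not in dst:
            continue
        if sport is not None and pkt["sport"] != sport:
            continue
        if dport is not None and pkt["dport"] != dport:
            continue
        if syn is not None and is_syn(pkt["flags"]) != syn:
            continue
        return target
    return policy

# Constructed sample packets (documentation addresses, not taken from the thread).
CLIENT_SYN = {"src": "192.168.1.20", "sport": 40000,
              "dst": "203.0.113.5", "dport": 443, "flags": {"SYN"}}
SERVER_REPLY = {"src": "203.0.113.5", "sport": 443,
                "dst": "192.168.1.20", "dport": 40000, "flags": {"SYN", "ACK"}}
UNSOLICITED_SYN = {"src": "203.0.113.5", "sport": 443,
                   "dst": "192.168.1.10", "dport": 25, "flags": {"SYN"}}

if __name__ == "__main__":
    for name, rules in (("with ! -y", WITH_SYN_CHECK), ("without", WITHOUT_SYN_CHECK)):
        for label, pkt in (("client SYN", CLIENT_SYN), ("server reply", SERVER_REPLY),
                           ("unsolicited SYN", UNSOLICITED_SYN)):
            print(f"{name:10} {label:16} {verdict(rules, pkt)}")
```

With the SYN test the reply to an outbound connection still passes, while a connection request arriving from outside with source port 443 falls through to the chain policy.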

linux firewall operational

by manoj_u_99 In reply to linux firewall operationa ...

This question was auto closed due to inactivity
