[CentOS] iptables question
meenoo at gmail.com
Tue Oct 20 18:33:40 UTC 2009
> But these aren't SMTP connections. The source is port 25, but the
> destination is not. The mail server is running normally. I'm allowing
> new SMTP connections and traffic for established connections.
They are SMTP connections -- your server initiates a connection to
port 25 on the remote server. Thus, when the connection is set up the
remote server will be responding with source port 25 and destination
port = source port of the initiated connection.
> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
I think the ACCEPT all line should catch these, but you might try
adding RELATED,ESTABLISHED specifically to the dpt:25 line.
> # cat /proc/sys/net/ipv4/ip_conntrack_max
Unless you're passing a lot of traffic, the conntrack_max looks okay.
>> Yet another possibility is that these are duplicated packets (for
>> whatever reason) and the connection has already been closed out.
> Possible, I guess, but I don't know what would be duplicating them.
This isn't as likely, but the remote sites could be duplicating them
-- the only way to determine if that's the case would be to sniff the
traffic and see if the remote site sends the same packet more than
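An added illustration, not from the thread: a toy model of the conntrack lookup and the two ACCEPT rules quoted above (the truncated state list is assumed to be RELATED,ESTABLISHED; addresses and ports are constructed). It shows why the remote server's reply from source port 25 to the local ephemeral port is ESTABLISHED rather than NEW, and why the same packet arriving after the entry has been torn down falls through to the policy, which is the duplicate/late-packet case discussed.

```python
from dataclasses import dataclass

# Constructed scenario (not netfilter code): the local host opened an
# outbound SMTP connection from 192.0.2.10:45123 to 198.51.100.5:25.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False

LOCAL = "192.0.2.10"

def flow_key(pkt):
    # Direction-independent key, so a reply maps onto the original entry.
    return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

def classify(pkt, conntrack):
    # NEW: first packet (SYN) of a flow; ESTABLISHED: any packet matching a
    # tracked flow in either direction; INVALID: non-SYN with no entry.
    key = flow_key(pkt)
    if key in conntrack:
        return "ESTABLISHED"
    if pkt.syn:
        conntrack.add(key)
        return "NEW"
    return "INVALID"

def input_chain(pkt, conntrack):
    # The two rules from the thread, evaluated in order; assumed policy DROP.
    state = classify(pkt, conntrack)
    if state in ("RELATED", "ESTABLISHED"):
        return "ACCEPT: state RELATED,ESTABLISHED"
    if state == "NEW" and pkt.dport == 25:
        return "ACCEPT: state NEW tcp dpt:25"
    return "DROP (policy)"

def walk():
    ct = set()
    out = Packet(LOCAL, 45123, "198.51.100.5", 25, syn=True)
    classify(out, ct)  # outbound SYN (OUTPUT chain) creates the entry
    reply = Packet("198.51.100.5", 25, LOCAL, 45123)  # sport 25, dport ephemeral
    verdict_reply = input_chain(reply, ct)
    ct.discard(flow_key(out))  # connection closed out, entry gone
    verdict_late = input_chain(reply, ct)  # duplicate/late packet
    return verdict_reply, verdict_late
```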