[CentOS] iptables question
Bowie Bailey
Bowie_Bailey at BUC.com
Tue Oct 20 18:39:10 UTC 2009
Meenoo Shivdasani wrote:
>> But these aren't SMTP connections. The source is port 25, but the
>> destination is not. The mail server is running normally. I'm allowing
>> new SMTP connections and traffic for established connections.
>>
>
> They are SMTP connections -- your server initiates a connection to
> port 25 on the remote server. Thus, when the connection is set up the
> remote server will be responding with source port 25 and destination
> port = source port of the initiated connection.
>
I understand that. What I meant was that iptables will not see them as
SMTP connections since the destination is not port 25.
>> ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
>> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
>>
>
> I think the ACCEPT all line should catch these, but you might try
> adding RELATED,ESTABLISHED specifically to the dpt:25 line.
>
Which will not match these connections since the dest port is not 25. I
could put a RELATED, ESTABLISHED line in for source port 25, but as you
said, the "ACCEPT all" line should catch them anyway.
--
Bowie
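
The rule matching discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of connection tracking that evaluates the two quoted INPUT rules in order. The addresses, ports, and all names in the code are constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model; direction is relative to the mail server.
Packet = namedtuple("Packet", "direction src sport dst dport syn")

class Conntrack:
    """Toy tracker keyed on the TCP 4-tuple (assumption: no timeouts, no RELATED)."""
    def __init__(self):
        self.flows = set()

    def state(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reply = (p.dst, p.dport, p.src, p.sport)
        if key in self.flows or reply in self.flows:
            return "ESTABLISHED"
        if p.syn:
            self.flows.add(key)
            return "NEW"
        # Simplification: the kernel may classify some untracked packets as NEW
        # instead; either way neither quoted rule matches when dport != 25.
        return "INVALID"

def input_chain(state, p):
    """The two INPUT rules quoted in the thread, evaluated top to bottom."""
    if state in ("RELATED", "ESTABLISHED"):
        return "ACCEPT (state RELATED,ESTABLISHED)"
    if state == "NEW" and p.dport == 25:
        return "ACCEPT (state NEW tcp dpt:25)"
    return "no match"

def classify(ct, p):
    state = ct.state(p)
    # Outbound packets only create tracking entries here; INPUT sees inbound only.
    return state, (input_chain(state, p) if p.direction == "in" else "n/a (OUTPUT)")

def demo():
    ct = Conntrack()
    server, remote = "192.0.2.10", "198.51.100.7"  # documentation addresses
    packets = [
        Packet("out", server, 40000, remote, 25, True),  # server connects to remote MTA
        Packet("in", remote, 25, server, 40000, False),  # reply: source port 25
        Packet("in", remote, 51000, server, 25, True),   # new inbound SMTP connection
        Packet("in", remote, 25, server, 40001, False),  # sport 25, no tracked flow
    ]
    return [classify(ct, p) for p in packets]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second packet is accepted by the state rule alone, and the fourth shows that a packet with source port 25 matches neither rule once no tracking entry exists for it.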