[CentOS] iptables question

Bowie Bailey Bowie_Bailey at BUC.com
Tue Oct 20 19:39:10 UTC 2009

Meenoo Shivdasani wrote:
>> But these aren't SMTP connections.  The source is port 25, but the
>> destination is not.  The mail server is running normally.  I'm allowing
>> new SMTP connections and traffic for established connections.
> They are SMTP connections -- your server initiates a connection to
> port 25 on the remote server.  Thus, when the connection is set up the
> remote server will be responding with source port 25 and destination
> port = source port of the initiated connection.

I understand that.  What I meant was that iptables will not see them as
SMTP connections since the destination is not port 25.

>> ACCEPT     all  --             state
>> ACCEPT     tcp  --             state NEW tcp dpt:25
> I think the ACCEPT all line should catch these, but you might try
> adding RELATED,ESTABLISHED specifically to the dpt:25 line.

Which will not match these connections since the dest port is not 25.  I
could put a RELATED,ESTABLISHED line in for source port 25, but as you
said, the "ACCEPT all" line should catch them anyway.
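
Added example, not part of the original message or thread: a simplified Python model of the two rules discussed above, showing that a reply with source port 25 can only be accepted by the state rule and never by the dpt:25 rule. It assumes the first rule matches RELATED,ESTABLISHED and that the chain policy is DROP; all addresses and ports are constructed sample values.

```python
# Simplified model of first-match evaluation for the two INPUT rules in this
# thread. Assumptions: rule 1 matches RELATED,ESTABLISHED, the chain policy is
# DROP, and all addresses/ports below are constructed sample values.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport syn")
MAIL_SERVER = "192.0.2.10"   # constructed local address

def ct_state(pkt, conntrack):
    """Return a conntrack-style state for an inbound packet.

    conntrack holds flows as (local_ip, local_port, remote_ip, remote_port).
    Simplification: untracked non-SYN packets are reported as INVALID.
    """
    if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in conntrack:
        return "ESTABLISHED"
    return "NEW" if pkt.syn else "INVALID"

RULES = [
    ("ACCEPT all state RELATED,ESTABLISHED",
     lambda p, s: s in ("RELATED", "ESTABLISHED")),
    ("ACCEPT tcp state NEW dpt:25",
     lambda p, s: s == "NEW" and p.dport == 25),
]

def verdict(pkt, conntrack):
    """Walk the rules in order; the first match decides, otherwise policy DROP."""
    state = ct_state(pkt, conntrack)
    for name, match in RULES:
        if match(pkt, state):
            return "ACCEPT", name
    return "DROP", "policy (state %s)" % state

# Outbound delivery from the mail server created this tracked flow.
conntrack = {(MAIL_SERVER, 41234, "198.51.100.7", 25)}

reply = Packet("198.51.100.7", 25, MAIL_SERVER, 41234, syn=False)
inbound = Packet("203.0.113.5", 50000, MAIL_SERVER, 25, syn=True)
stale = Packet("198.51.100.7", 25, MAIL_SERVER, 41999, syn=False)  # no entry

if __name__ == "__main__":
    for label, pkt in [("reply", reply), ("inbound", inbound), ("stale", stale)]:
        print(label, verdict(pkt, conntrack))
```

In this model a packet from source port 25 with no matching tracked flow falls through both rules to the policy, because it is neither ESTABLISHED nor addressed to port 25.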


