[CentOS] iptables question

Tue Oct 20 17:00:37 UTC 2009
Bowie Bailey <Bowie_Bailey at BUC.com>

Meenoo Shivdasani wrote:
>> conversation.  The question is:  why are all of these remote servers
>> trying to make connections back to me on high-numbered ports?  Should I
>> be allowing these connections somehow?
>>     
>
> The remote server probably thinks that it's still supposed to be
> making connections back to you -- a couple of the lines you posted
> showed FIN flags indicating that the TCP connection was being shut
> down.  At that point, the mail message has already been sent.
>
> If you get REJECT messages for all SMTP connections, look at your
> iptables rules and see if you have a specific rule for smtp that only
> permits NEW conns.
>   

But these aren't SMTP connections.  The source is port 25, but the
destination is not.  The mail server is running normally.  I'm allowing
new SMTP connections and traffic for established connections.

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
tcp dpt:25

> One possibility is that iptables no longer thinks that the connection
> is active -- possibly the connection tracking database has already
> pushed that connection out.  You can check your conntrack max value
> with the command
>
> cat /proc/sys/net/ipv4/ip_conntrack_max
>   

# cat /proc/sys/net/ipv4/ip_conntrack_max
63480

> Yet another possibility is that these are duplicated packets (for
> whatever reason) and the connection has already been closed out.
>   

Possible, I guess, but I don't know what would be duplicating them.

-- 
Bowie
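A defender-side check for the situation discussed in this thread, added here as an example (it is not code from the thread or from the CentOS project): it parses lines in the format written by the iptables LOG target, separates packets that are only the tail end of an already-closed SMTP session (source port 25, high destination port, FIN/RST/ACK and no SYN) from genuine new inbound SYNs, and compares the conntrack table occupancy against the maximum read from /proc. The log lines, the "REJECT" log prefix and the conntrack numbers below are constructed sample values; the /proc paths are the real kernel interfaces, but which ones exist depends on the kernel version, so the reader handles a missing file.

```python
import re
from collections import Counter

# Bare tokens the iptables LOG target prints for TCP flags (in this order).
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
SMTP_PORT = 25

# Constructed sample log lines (not from the original thread), shaped like
# the output of `-j LOG --log-prefix "REJECT "` as seen in /var/log/messages.
SAMPLE_LOG = """\
Oct 20 12:00:01 mail kernel: REJECT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=25 DPT=45217 WINDOW=0 RES=0x00 ACK FIN URGP=0
Oct 20 12:00:02 mail kernel: REJECT IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=25 DPT=51022 WINDOW=0 RES=0x00 ACK URGP=0
Oct 20 12:00:03 mail kernel: REJECT IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=1234 DF PROTO=TCP SPT=4711 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 20 12:00:04 mail kernel: REJECT IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=25 DPT=2049 WINDOW=0 RES=0x00 RST URGP=0
"""


def parse_log_line(line):
    """Split one LOG line into KEY=VALUE fields plus a set of TCP flag tokens."""
    fields = {}
    flags = set()
    body = line.split("kernel:", 1)[-1]      # drop the syslog timestamp/host
    for token in body.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
        elif token in TCP_FLAGS:
            flags.add(token)
    fields["FLAGS"] = flags
    return fields


def classify(fields):
    """Label a rejected packet by what it most likely is."""
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    flags = fields["FLAGS"]
    spt = int(fields.get("SPT", 0))
    dpt = int(fields.get("DPT", 0))
    if "SYN" in flags and "ACK" not in flags:
        return "new-inbound-syn"              # someone opening a connection to us
    if spt == SMTP_PORT and dpt >= 1024 and flags & {"FIN", "RST", "ACK"}:
        # Teardown/ack traffic from a remote mail server after conntrack
        # forgot (or timed out) the session: rejecting it is harmless.
        return "late-smtp-teardown"
    return "other"


def summarize(log_text):
    """Count rejected packets per class over a block of log text."""
    counts = Counter()
    for line in log_text.splitlines():
        if "PROTO=" not in line:
            continue
        counts[classify(parse_log_line(line))] += 1
    return dict(counts)


def conntrack_usage(count, maximum):
    """Return (percent used, near_limit). near_limit is set at 90% or more."""
    pct = 100.0 * count / maximum
    return round(pct, 1), pct >= 90.0


def read_proc_int(path):
    """Read an integer from /proc, or None if this kernel lacks the file."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    # Newer kernels expose the table under net/netfilter; older ones under
    # net/ipv4 (the path quoted in the thread).  Try both.
    maximum = (read_proc_int("/proc/sys/net/netfilter/nf_conntrack_max")
               or read_proc_int("/proc/sys/net/ipv4/ip_conntrack_max"))
    count = (read_proc_int("/proc/sys/net/netfilter/nf_conntrack_count")
             or read_proc_int("/proc/sys/net/ipv4/netfilter/ip_conntrack_count"))
    if maximum and count is not None:
        print("conntrack usage: %.1f%% (near limit: %s)" % conntrack_usage(count, maximum))
    else:
        print("conntrack counters not available on this kernel")
```

If the summary is dominated by "late-smtp-teardown" while conntrack usage stays well below the limit, the REJECTs are just stray packets from sessions the remote side had not finished closing, and no new ACCEPT rule is needed; a usage figure near 100% instead points at the table being full, which is the case where established connections get dropped from tracking and legitimate traffic starts matching the REJECT rule.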