[CentOS] iptables question

Tue Oct 20 17:33:40 UTC 2009
Meenoo Shivdasani <meenoo at gmail.com>

> But these aren't SMTP connections.  The source is port 25, but the
> destination is not.  The mail server is running normally.  I'm allowing
> new SMTP connections and traffic for established connections.

They are SMTP connections -- your server initiates a connection to
port 25 on the remote server.  Thus, when the connection is set up the
remote server will be responding with source port 25 and destination
port = source port of the initiated connection.

> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
> RELATED,ESTABLISHED
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW
> tcp dpt:25

I think the ACCEPT all line should catch these, but you might try
adding RELATED,ESTABLISHED specifically to the dpt:25 line.

> # cat /proc/sys/net/ipv4/ip_conntrack_max
> 63480

Unless you're passing a lot of traffic, the conntrack_max looks okay.

>
>> Yet another possibility is that these are duplicated packets (for
>> whatever reason) and the connection has already been closed out.
>>
>
> Possible, I guess, but I don't know what would be duplicating them.

This isn't as likely, but the remote sites could be duplicating them
-- the only way to determine if that's the case would be to sniff the
traffic and see if the remote site sends the same packet more than
once.

M
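As an added illustration, not part of the thread, here is a toy Python model of the quoted INPUT chain with connection tracking. It shows the reply from port 25 being accepted as ESTABLISHED only while the entry created by the outbound connection still exists; a packet that arrives after that entry is gone, or when the table is full, falls through to DROP with source port 25 and a destination port other than 25, the pattern described above. Addresses, ports and the `ToyConntrack`/`simulate` helpers are constructed for the example.

```python
from dataclasses import dataclass

LOCAL, REMOTE = "192.0.2.10", "198.51.100.20"   # constructed addresses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    fin: bool = False          # FIN tears the entry down in this simplified model

class ToyConntrack:
    """Tracks flows as bidirectional 4-tuples; no timeouts or TCP state machine."""
    def __init__(self, max_entries=63480):   # the ip_conntrack_max value quoted above
        self.max_entries, self.table = max_entries, set()

    @staticmethod
    def key(p):
        # Both directions of a flow map to the same key.
        return tuple(sorted(((p.src, p.sport), (p.dst, p.dport))))

    def classify(self, p):
        """NEW, ESTABLISHED or INVALID, updating the table as a tracker would."""
        k = self.key(p)
        if k in self.table:
            if p.fin:
                self.table.discard(k)
            return "ESTABLISHED"
        if len(self.table) >= self.max_entries:
            return "INVALID"   # table full: no entry can be created
        self.table.add(k)
        return "NEW"

def input_chain(ct, p):
    """The quoted INPUT rules: ACCEPT ESTABLISHED; ACCEPT NEW tcp dpt:25; else DROP."""
    state = ct.classify(p)
    if state == "ESTABLISHED" or (state == "NEW" and p.dport == 25):
        return "ACCEPT"
    return "DROP"

def simulate(max_entries=63480):
    """Outbound SMTP session from this host, then a late duplicate from the remote."""
    ct = ToyConntrack(max_entries)
    ct.classify(Packet(LOCAL, 40000, REMOTE, 25))             # our SYN, seen on the OUTPUT path
    verdicts = [input_chain(ct, Packet(REMOTE, 25, LOCAL, 40000))]            # SYN/ACK reply
    verdicts.append(input_chain(ct, Packet(REMOTE, 25, LOCAL, 40000, fin=True)))  # close
    verdicts.append(input_chain(ct, Packet(REMOTE, 25, LOCAL, 40000)))        # duplicate
    return verdicts
```

`simulate()` yields ACCEPT, ACCEPT, DROP: the duplicate after close is NEW with dport 40000 and hits no rule. With `simulate(0)`, modelling an exhausted table, even the SYN/ACK is dropped.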