[CentOS] iptables

Thu May 25 17:25:24 UTC 2017
Chad Cordero <ccordero at csusb.edu>

I have an old postfix server that was historically used by the campus as an outbound gateway.  The campus is now supposed to use a different server running HAProxy with several back-end postfix servers.  I am using iptables on CentOS 7 to log and block smtp and submission traffic not coming from my front-end HAProxy server (with a few exceptions for testing and monitoring).  What I would like to do is log and redirect the connection to the proxy server.  How do I do this?


# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Wed May 24 12:22:03 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [134:13069]
:LOGGING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
…
-A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 587 -j ACCEPT
…
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: "
-A LOGGING -j DROP
COMMIT
# Completed on Wed May 24 12:22:03 2017



---
Chad Cordero
Information Technology Consultant
Enterprise & Cloud Services
Information Technology Services
California State University, San Bernardino
5500 University Pkwy
San Bernardino, CA 92407-2393
Main Line: 909/537-7677
Direct Line: 909/537-7281
Fax: 909/537-7141
http://support.csusb.edu/

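One way to get the log-and-redirect behaviour asked about above, written in the same iptables-save format as the posted ruleset. This is an added example, not part of the original message. Assumptions: 192.0.2.10 is a placeholder for the HAProxy front-end address (the post does not give it), the SMTP_REDIRECT chain name and the "IPTables-Redirected: " prefix are made up for illustration, and the four exempt sources are copied from the posted ACCEPT rules.

```iptables
# New table section for /etc/sysconfig/iptables (assumed placeholder proxy: 192.0.2.10)
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:SMTP_REDIRECT - [0:0]
# Only smtp (25) and submission (587) are considered for redirection.
-A PREROUTING -p tcp -m multiport --dports 25,587 -j SMTP_REDIRECT
# Sources the posted filter rules already accept keep reaching the local postfix:
# RETURN leaves the packet un-NATed, so it continues to the INPUT chain as before.
-A SMTP_REDIRECT -s 139.182.75.64/27 -j RETURN
-A SMTP_REDIRECT -s 139.182.111.0/24 -j RETURN
-A SMTP_REDIRECT -s 139.182.249.25/32 -j RETURN
-A SMTP_REDIRECT -s 139.182.249.254/32 -j RETURN
# The nat table sees only the first packet of a connection, so this logs
# once per redirected connection (rate-limited like the posted LOGGING chain).
-A SMTP_REDIRECT -m limit --limit 2/min -j LOG --log-prefix "IPTables-Redirected: "
# Rewrite the destination to the proxy; the destination port is left unchanged.
-A SMTP_REDIRECT -p tcp -j DNAT --to-destination 192.0.2.10
# Rewrite the source to this host so the proxy's replies come back through
# this host's connection tracking instead of going straight to the client.
-A POSTROUTING -d 192.0.2.10/32 -p tcp -m multiport --dports 25,587 -j MASQUERADE
COMMIT

# Merge these two rules into the existing *filter section: its FORWARD
# policy is DROP, and redirected connections traverse FORWARD, not INPUT.
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m multiport --dports 25,587 -m state --state NEW -j ACCEPT
COMMIT
```

Forwarding has to be enabled on this host (`net.ipv4.ip_forward = 1`) for the redirected packets to leave it. Because of the MASQUERADE rule the proxy sees every redirected client as this host, so the LOG line here is the only record of the real source address, and the proxy and back-ends should not treat this host's address as a trusted relay source.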