Thank you for the answers so far. Are there any recommendations for
iptables rules from scratch for the following box function:
1. Allow incoming mail, sending and receiving.
2. Allow all traffic from the 192.168.0.250 address, sending and
receiving.
3. Allow all traffic to/from localhost.
"Leon The Peon" <(E-Mail Removed)> wrote in message news:<bmd4k8$gvs$(E-Mail Removed)>...
> "Kemton" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > I can't get my iptables right to allow squid to work properly. The
> > server in question doesn't perform many actions, just mail and squid.
> > All internal traffic coming to it gets NAT'd by a router to appear to
> > come from 192.168.0.250. My firewall rules are:
> >
> > [root@mail squid]# iptables -L
> > Chain INPUT (policy DROP)
> > target prot opt source destination
> > ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
>
> Mail will work for receiving
>
> But not for sending.
>
>
>
> > ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
>
> This one allows an IP session that is already established to continue, but there is no sign
> of any rule to allow establishing a session.
>
>
> > ACCEPT all -- localhost anywhere
> > ACCEPT all -- 192.168.0.250 anywhere
>
> These only allow the local computers to send packets to the server.
> They don't allow the rest of the internet to send packets to the server.
>
>
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
>
>
> The only possibility you have for running squid on the same machine is to
> prevent SYN packets to your computer.
> Allow everything else but disallow syn packets, except to the mail server.
>
>
> > It always takes a long time with an iptables -L to list the last rule,
> > with 192.168.0.250. Any idea why this is happening, and can anybody
> > see anything wrong with this?
>
> It's trying to do an /etc/hosts and DNS lookup, and it takes a while to fail.
> Put the address in /etc/hosts.
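The three requirements at the top of this post (inbound and outbound mail, everything from 192.168.0.250, everything on localhost) as a from-scratch ruleset in iptables-restore format. This is an added example, not rules posted by anyone in the thread. It assumes the interface facing the router is named eth1 (override with LAN_IF), that mail is SMTP on tcp/25, and that squid is only used from the LAN, so it is covered by the 192.168.0.250 rule and needs no rule of its own. Outbound mail needs no INPUT rule beyond ESTABLISHED,RELATED because the OUTPUT policy stays ACCEPT, so the box's own SYNs leave and only the replies have to get back in. The trusted-address rule is tied to the LAN interface so that a packet arriving from the Internet with a forged 192.168.0.250 source is still dropped, and the FORWARD policy is DROP since this box does not route.

```shell
#!/bin/sh
# Added example for the thread above, not the original poster's rules.
# Assumptions: LAN-facing interface eth1, SMTP on tcp/25, squid only
# reachable from the LAN (and therefore covered by the trusted-address rule).

LAN_IF="${LAN_IF:-eth1}"   # assumed name of the interface facing the router
TRUSTED="192.168.0.250"    # address the router NATs all internal clients to

# Print the complete ruleset in iptables-restore format.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 3. localhost: match the loopback interface rather than source 127.0.0.1,
#    so a spoofed 127.0.0.1 arriving on a real NIC is still dropped
-A INPUT -i lo -j ACCEPT
# replies to connections this box opened (outbound SMTP, squid fetching
# pages, DNS) come back through here; OUTPUT is ACCEPT so the SYN already leaves
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# 2. everything from the NAT address, but only on the LAN interface so the
#    address cannot simply be forged from the Internet side
-A INPUT -i $LAN_IF -s $TRUSTED -j ACCEPT
# 1. inbound mail from anywhere: new SMTP connections only
-A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Number of ACCEPT rules the ruleset contains (quick sanity check before loading).
accept_count() {
    ruleset | grep -c -- '-j ACCEPT'
}

# Load the rules atomically; only meaningful as root on a box with iptables.
apply_rules() {
    ruleset | iptables-restore
}

# When run directly as root, load the rules; otherwise just print them for review.
if [ "$(id -u)" -eq 0 ] && command -v iptables-restore >/dev/null 2>&1; then
    apply_rules
else
    ruleset
fi
```

Save it, review the output as an ordinary user, then run it as root to load the rules in one atomic step instead of rule by rule. To verify, list with `iptables -nL` rather than plain `iptables -L`: the `-n` suppresses the reverse lookups that make the 192.168.0.250 line slow to print. From a LAN client, `telnet mail 25` and `telnet mail 3128` should connect; from outside, only port 25 should.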