[Sheflug] Re: Iptables
>>>>> "Richard" == Richard Ibbotson <richard [at] sheflug.co.uk> writes:
Richard> Baz Whoops ... I think that should have read as....
Richard> # mail
Richard> iptables -A FORWARD -i eth0 -o ppp0 -p tcp \
Richard> -s 192.168.1.1/24 --dport \
Richard> mail.mailserver.co.uk --dport 25 \
Richard> -m state --state NEW, RELATED, ESTABLISHED \
Richard> -j ACCEPT
Richard> iptables -A FORWARD -i eth0 -o ppp0 -p tcp \
Richard> -s 192.168.1.1/24 --dport \
Richard> mail.mailserver.co.uk --dport 110 \
Richard> -m state --state NEW, RELATED, ESTABLISHED \
Richard> -j ACCEPT
You're not using the --dport and --destination (-d) fields correctly.
IIRC, you're also not allowed spaces in --state lists:
'--state NEW,RELATED' is valid; '--state NEW, RELATED' is not.
Try:
# SMTP
iptables -A FORWARD -i eth0 -o ppp0 -p tcp \
-s 192.168.1.1/24 -d mail.mailserver.co.uk \
--dport 25 -m state --state NEW,RELATED,ESTABLISHED \
-j ACCEPT
# POP3
iptables -A FORWARD -i eth0 -o ppp0 -p tcp \
-s 192.168.1.1/24 -d mail.mailserver.co.uk \
--dport 110 -m state --state NEW,RELATED,ESTABLISHED \
-j ACCEPT
Note that using service names (pop3, smtp etc) in the --sport and
--dport fields is a valid substitution for port numbers.
Cheers,
Baz.
--
Barrie J. Bremner OpenPGP public key ID: F78CEE08
baz [at] barriebremner.com http://barriebremner.com/
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.
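
Added example, not part of the original message: a small POSIX shell check for the two mistakes discussed in this thread (a host name given to --dport, and spaces inside the --state list). The function names lint_rule, is_port and is_state_list are hypothetical, and the two sample rules are re-typed from the thread as constructed input.

```shell
#!/bin/sh
# Added example: lint one iptables rule, passed as a single string.
# Prints one line per problem; exit status is the number of problems found.

# A port argument is a number, a range (1024:65535) or a service name.
is_port() {
    case "$1" in
        ''|-*|*.*|*/*) return 1 ;;         # missing, an option, or a host/network
        *[!A-Za-z0-9_:-]*) return 1 ;;     # any other character that is not port-like
    esac
    return 0
}

# A state list is comma-separated with no spaces, so it must be one token.
is_state_list() {
    case "$1" in ''|,*|*,|*,,*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    for s in $1; do
        case "$s" in
            NEW|ESTABLISHED|RELATED|INVALID|UNTRACKED) ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
}

lint_rule() {
    problems=0 dports=0 prev=
    set -f                                 # no filename globbing while splitting
    for tok in $1; do
        case "$prev" in
            --dport|--sport)
                is_port "$tok" || { problems=$((problems+1))
                    echo "$prev '$tok': not a port or service name (hosts go in -s/-d)"; } ;;
            --state)
                is_state_list "$tok" || { problems=$((problems+1))
                    echo "--state '$tok': not a comma-separated list without spaces"; } ;;
        esac
        if [ "$tok" = --dport ]; then dports=$((dports+1)); fi
        prev=$tok
    done
    set +f
    [ "$dports" -le 1 ] || { problems=$((problems+1)); echo "--dport given $dports times"; }
    return "$problems"
}

# Constructed input: the rule as first posted, and the corrected SMTP rule.
BAD="iptables -A FORWARD -i eth0 -o ppp0 -p tcp -s 192.168.1.1/24 \
--dport mail.mailserver.co.uk --dport 25 -m state --state NEW, RELATED, ESTABLISHED -j ACCEPT"
GOOD="iptables -A FORWARD -i eth0 -o ppp0 -p tcp -s 192.168.1.1/24 \
-d mail.mailserver.co.uk --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"
lint_rule "$BAD" || echo "first rule: $? problem(s)"
lint_rule "$GOOD" && echo "second rule: ok"
```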