[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Re: Iptables

To: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Subject: [Sheflug] Re: Iptables
From: Barrie Bremner <xxxxx [at] xxxxxxxxxxxxxxxxx>
Date: Sat, 4 May 2002 14:58:03 +0100
Envelope-to: <shef-lug [at] list.sheflug.org.uk>
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx

>>>>> "Baz" == Barrie Bremner <baz [at] barriebremner.com> writes:

    Baz> Try:

    Baz> # SMTP
    Baz> iptables -A FORWARD -i eth0 -o ppp0 -p tcp \
    Baz>          -s 192.168.1.1/24 -d mail.mailserver.co.uk \
    Baz>          --dport 25 -m state --state NEW,RELATED,ESTABLISHED \
    Baz>          -j ACCEPT

    Baz> # POP3

    Baz> iptables -A FORWARD -i eth0 -o ppp0 -p tcp \
    Baz>          -s 192.168.1.1/24 -d mail.mailserver.co.uk \
    Baz>         --dport 110 -m state --state NEW,RELATED,ESTABLISHED \
    Baz>          -j ACCEPT

It's just occurred to me:

Watch out for allowing new connections (--state NEW or --syn) if you
haven't specified both in- and out- interfaces.
Might be worth checking with nmap and/or telnet $pop_num.

Do have a suitable policy or other rules further up the chain to block
new connections from -i ppp0 or -s 0.0.0.0/0 ?

Baz.

-- 
Barrie J. Bremner		OpenPGP public key ID: F78CEE08
baz [at] barriebremner.com	http://barriebremner.com/


___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

Follow-Ups:
- [Sheflug] Re: Iptables
  - From: Richard Ibbotson

References:
- [Sheflug] Iptables
  - From: Richard Ibbotson
- [Sheflug] Iptables
  - From: Barrie Bremner
- [Sheflug] Re: Iptables
  - From: Richard Ibbotson
- [Sheflug] Re: Iptables
  - From: Barrie Bremner

Prev by Date: [Sheflug] Re: Iptables
Next by Date: [Sheflug] Re: Iptables
Previous by thread: [Sheflug] Re: Iptables
Next by thread: [Sheflug] Re: Iptables
Index(es):
- Date
- Thread