From: Payal <rpayal@indiainfo.com>
To: netfilter@lists.samba.org
Subject: Re: Help with POP3/SMTP and MASQ
Date: Tue, 11 Jun 2002 19:24:41 +0530
Message-ID: <ae4vrl$2a2$2@main.gmane.org>
In-Reply-To: <F21XZZTHfyQgeDKvPEk0000a6ad@hotmail.com>

Hi,
I am very, very new to iptables. But I think SMTP and POP should be left to
the mail server + tcpd [i.e. hosts.allow and hosts.deny].
-Payal
On Tuesday 11 June 2002 03:07 am, you wrote:
> Hello...
> I've had no luck getting POP3/SMTP going through my RedHat 7.1 2.4
> kernel iptables box.  I have been able to set up incoming FTP connections
> through my firewall, but no luck on the email.  Here's my script...I've
> pretty much added a lot of extra stuff hoping that something would work and
> I could figure it out from there, but so far nothing's worked.  I must be
> missing something obvious!
>
> Any help is appreciated, and thanks to everyone who takes the time to
> respond!
>
>
> #Beginning of script
> #this was from someone's sample script..to load the modules.
>
> /sbin/modprobe ip_tables
> /sbin/modprobe ip_conntrack
> /sbin/modprobe iptable_filter
> /sbin/modprobe iptable_mangle
> /sbin/modprobe iptable_nat
> /sbin/modprobe ipt_LOG
> /sbin/modprobe ipt_limit
> /sbin/modprobe ipt_state
>
> #
> # 2.2 Non-Required modules
> #
>
> #/sbin/modprobe ipt_owner
> #/sbin/modprobe ipt_REJECT
> #/sbin/modprobe ipt_MASQUERADE
> #/sbin/modprobe ip_conntrack_ftp
> #/sbin/modprobe ip_conntrack_irc
>
>
>
> #some basic MASQ stuff so I can hit the internet!
> cp /home/main/ip_forward /proc/sys/net/ipv4
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> #rules for ftp in...working right now
>
> iptables -A FORWARD -p tcp --dport 21 -j ACCEPT
> iptables -A FORWARD -p tcp --dport 20 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j DNAT --to 10.0.0.7:21
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 20 -j DNAT --to 10.0.0.7:20
>
> iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.0.7 --dport 21 -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.0.7 --dport 20 -j ACCEPT
>
> #rules for FTP out... NOT USED!!!!!!!!!
> #iptables -t nat -A POSTROUTING -p tcp --sport 21 -j ACCEPT
> #iptables -t nat -A POSTROUTING -p tcp --sport 20 -j ACCEPT
> #iptables -A INPUT -p tcp --sport 21 -j ACCEPT
> #iptables -A INPUT -p tcp --sport 20 -j ACCEPT
>
> #iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT
> #iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
>
>
> #for POP3 and SMTP mail
> iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 25
> iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 110
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 110 -j ACCEPT
>
> iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
> iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -p tcp --sport 25 -j ACCEPT
> iptables -t nat -A POSTROUTING -p tcp --sport 110 -j ACCEPT
>

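For contrast with the mail rules in the quoted script, an added example (not written by anyone in this thread): inbound SMTP and POP3 published with the same DNAT-plus-FORWARD pattern that the poster's working FTP rules use, scoped by interface, destination and connection state. `MAIL_HOST` (a constructed address), `publish_tcp_port`, `mail_rules` and the dry-run `IPT` wrapper are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: IPT, MAIL_HOST,
# publish_tcp_port, mail_rules. eth0/eth1 follow the quoted script.
# Dry run by default: rules are printed. Set IPT=/sbin/iptables to install.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"              # Internet-facing interface
INT_IF="${INT_IF:-eth1}"              # LAN interface
MAIL_HOST="${MAIL_HOST:-10.0.0.25}"   # constructed placeholder address

# publish_tcp_port HOST PORT: forward one inbound TCP port to an internal host.
publish_tcp_port() {
    host=$1
    port=$2
    # Reject service names and out-of-range values before building a rule.
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    # nat/PREROUTING: rewrite the destination so the packet gets routed to
    # the LAN. An ACCEPT in the nat table translates nothing.
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    # filter/FORWARD: admit only new connections to that host and port,
    # arriving on the external interface and leaving on the internal one.
    $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$host" \
        --dport "$port" -m state --state NEW -j ACCEPT
}

# mail_rules: SMTP (25) and POP3 (110) for MAIL_HOST, plus return traffic.
mail_rules() {
    # Packets of connections that were already accepted, in both directions.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in 25 110; do
        publish_tcp_port "$MAIL_HOST" "$p" || return 1
    done
}

mail_rules
```

No extra POSTROUTING rule is needed for the replies: connection tracking reverses the DNAT mapping on return packets.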
