[NTLUG:Discuss] Redhat 7.2, iptables & qpopper
Michael Patrick
michael at techiesplace.com
Mon Feb 4 14:35:14 CST 2002
On Mon, Feb 04, 2002 at 12:11:07PM -0500, Stan Tigrett wrote:
<snip problem statement and nice supporting info>
> Here are my current iptables rules:
> #begin firewall
> modprobe iptable_nat
> /sbin/iptables -F
> /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> /sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to 192.168.1.100:80
> /sbin/iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.1 -s 192.168.1.0/24 --dport 80 -j SNAT --to 192.168.1.100
> /sbin/iptables -A INPUT -s 0/0 -p tcp --destination-port 110 -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
> #end firewall
>
> And iptables -L yields:
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
Stan,
I notice you don't have a rule for SSH or SMTP. Why do you have an explicit rule for POP3? I tried your rule on one of my systems and it didn't seem to bother anything. Are you certain pop3 is bound to EXINT? I know telnetting to it from the inside works, so that could be a non-issue.
Is it possible that your upstream provider is blocking pop3? Do you see your connection packets arrive if you run a tcpdump on the firewall while connecting?
Michael
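
Added example, not part of the original message: a shell helper for the bind check the reply asks about, classifying where a TCP port is listening from `netstat -ltn` output. It assumes "EXINT" means the firewall's external interface; the function name `bind_scope`, the address 203.0.113.10 and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# bind_scope PORT EXT_IP   (reads `netstat -ltn` lines on stdin)
# Prints the widest scope on which PORT is listening:
#   all-interfaces | external | other | loopback-only | not-listening
bind_scope() {
    awk -v port="$1" -v ext="$2" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Local address is field 4; the port follows the last colon.
            n = split($4, p, ":")
            if (p[n] != port) next
            addr = substr($4, 1, length($4) - length(p[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") rank = 4
            else if (addr == ext)                                   rank = 3
            else if (addr ~ /^127\./ || addr == "::1")              rank = 1
            else                                                    rank = 2
            if (rank > best) best = rank
        }
        END {
            name[0] = "not-listening"; name[1] = "loopback-only"
            name[2] = "other";         name[3] = "external"
            name[4] = "all-interfaces"
            print name[best + 0]
        }'
}

# Constructed sample: POP3 bound only to an inside address, which would
# answer a telnet from the LAN but never a connection from outside.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 192.168.1.1:110 0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:25    0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN'

printf '%s\n' "$SAMPLE" | bind_scope 110 203.0.113.10

# On the live firewall (as root), with the real external address:
#   netstat -ltn | bind_scope 110 <external address>
# If the result is all-interfaces or external, watch for the incoming
# SYNs on the outside interface (eth0 in the rules above):
#   tcpdump -n -i eth0 tcp port 110
```

A result of `other` or `loopback-only` points at the daemon's bind address rather than at the firewall rules or the upstream provider.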