Linux / UNIX Tech Support Forum
This is a discussion on Open Mail Ports within the Linux software forums, part of the Linux Getting Started category.
Hello,
This is my first post here, thanks to all of the staff of it. I have read the following article: http://www.cyberciti.biz/tips/linux-...uid-howto.html which is about making a transparent proxy using squid. Everything is fine and http is running wonderful, but the problem is how can I make clients who are connected to this server to send and receive mail? They are unable to do so now, I have tried a lot of iptables rules and still didn't get to the answer. Is there anyone who can help me?
Best Regards,
ReMSiS
POP3 from Lan
Code:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
Code:
iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.0.1 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
To block Yahoo, MSN use port number with iptables
__________________
Rocky Jr. What's wrong? I hope I am not making you uncomfortable... Never send a boy to do a man's job.
OK, let's finalize the case; my script shall be like this:
Code:
SQUID_SERVER="192.168.0.1"
INTERNET="eth1"
LAN_IN="eth0"
SQUID_PORT="3120"
# Flush all rules and delete user-defined chains in every table
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Default policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Replies arriving on the Internet side
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT and forwarding for the LAN
iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
iptables -A INPUT -i $LAN_IN -j ACCEPT
iptables -A OUTPUT -o $LAN_IN -j ACCEPT
# Send port 80 traffic to Squid
iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
# SMTP (port 25) rules
iptables -A OUTPUT -p tcp -s 192.168.1.1 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.1.1 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 0/0 --dport 25 -j SNAT --to 192.168.1.1
iptables -A OUTPUT -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 25 -d 192.168.0.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.1 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.0/24 --sport 1024:65535 -d 192.168.0.1 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 25 -d 192.168.0.0/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# POP3 (port 110) rules
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.1.2 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.1.2 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.0.1/24 --sport 1024:65535 -d 192.168.0.1 --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 110 -d 192.168.0.1/24 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# Log, then drop, everything else arriving on INPUT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
Am I right or wrong?
By the way, yesterday it worked fine using the original script
Quote:
Today it stopped working. Now only the http is working; mail and others are not!!! Any suggestions?
OK, I think I found the problem: when I was connecting from my PC on the LAN I didn't give the interface on it a DNS server IP. When I gave it a DNS server IP, which is a public IP, everything went well, which means that routing is working fine on my Squid server.
The question now is: Is it right to give a DNS server IP? Or must the proxy server do the resolution stuff by contacting the GW?
__________________
LivE Free 0r DiE L!nux rul3z aLL
You need to provide a DNS server IP; it is legal to use a DNS server. You have two choices. One is to set up a caching DNS server on the proxy and use the same.
The second is to use the ISP's DNS server. Both are fine. You can also use DHCP to distribute this info to Windows/Linux desktop systems.
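
Added example, not part of the thread: mail and DNS traffic from LAN clients is routed through the gateway, so it is matched in the FORWARD chain rather than INPUT/OUTPUT, and clients using an external DNS server need port 53 allowed there as well. The script below prints FORWARD rules for DNS, SMTP and POP3 using the interface names and subnet from the script posted above; the helper names (`run`, `allow_forward`, `build_rules`), the `APPLY` switch and the choice of ports are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Interfaces and LAN subnet are taken
# from the posted script; the list of allowed ports is an assumption.
LAN_IN="eth0"
INTERNET="eth1"
LAN_NET="192.168.0.0/24"

# Print each command by default; with APPLY=1 (as root) execute it instead.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Allow one client-initiated service from the LAN out through the gateway.
# $1 = protocol (tcp|udp), $2 = destination port
allow_forward() {
    run iptables -A FORWARD -i "$LAN_IN" -o "$INTERNET" -s "$LAN_NET" \
        -p "$1" --dport "$2" -m state --state NEW,ESTABLISHED -j ACCEPT
}

build_rules() {
    # Routed client traffic is filtered in FORWARD, not in INPUT/OUTPUT.
    run iptables -P FORWARD DROP
    # Replies to connections that LAN clients opened.
    run iptables -A FORWARD -i "$INTERNET" -o "$LAN_IN" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # DNS: without it clients cannot resolve their mail server's name.
    allow_forward udp 53
    allow_forward tcp 53
    # Mail: SMTP (25) for sending, POP3 (110) for retrieval.
    allow_forward tcp 25
    allow_forward tcp 110
    # Source-NAT everything leaving through the Internet interface.
    run iptables -t nat -A POSTROUTING -o "$INTERNET" -j MASQUERADE
}

build_rules
```

Set `APPLY=1` and run as root to install the rules; the kernel must also have forwarding enabled (`net.ipv4.ip_forward=1`), and any other service clients need gets its own `allow_forward` line.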