Well, it seems you are DENYING anything on ports 0:1024; therefore, if
this rule is first in the chain, the consecutive rules will not get
executed. I guess you should rearrange the order and put the smtp before
you start denying the rest.

-> -----Original Message-----
-> From: Deepak Saxena [mailto:deepak@csociety.purdue.edu]
-> Sent: Tuesday, January 09, 2001 1:17 AM
-> To: plug-discuss@lists.PLUG.phoenix.az.us
-> Subject: smtpd firewall rules...
->
-> I'm trying to get smtpd(postfix) to receive email from the outside
-> world but limiting my system to only accept things on certain ports
-> for security reasons. I've only got incoming ports 80(http), 25(smtp),
-> and 42(named, running my domain primary) open, and when I do a
-> telnet to port 25 on my machine, I get zip, zero nada. If I open
-> up all incoming ports, I can connect with no problem. So there must
-> be something other than just port 25 that's required to access the
-> mail server...however, running ethereal on my outside ethernet card
-> shows no activity other than smtp and some outgoing DNS when I telnet
-> in with all ports open....so what am I doing wrong? Here's a
-> dump of my current IPCHAINS config:
->
-> [root@arrakis dsaxena]# ipchains -L
-> Chain input (policy ACCEPT):
-> target     prot opt     source      destination                      ports
-> DENY       tcp  ------  anywhere    anywhere                         any ->   0:1024
-> ACCEPT     tcp  ------  anywhere    dyn-dsl1-148-phx.bazillion.com   any ->   smtp
-> ACCEPT     tcp  ------  anywhere    dyn-dsl1-148-phx.bazillion.com   any ->   nameserver
-> ACCEPT     tcp  ------  anywhere    dyn-dsl1-148-phx.bazillion.com   any ->   www
-> Chain forward (policy ACCEPT):
-> target     prot opt     source           destination      ports
-> MASQ       all  ------  anywhere         192.168.0.0/24   n/a
-> MASQ       all  ------  192.168.0.0/24   anywhere         n/a
-> Chain output (policy ACCEPT):
->
-> ~Deepak
->
-> --
-> Deepak Saxena - deepak@csociety.purdue.edu - phone://602.790.0500
->
-> "Imagination is more important than knowledge" - Einstein
->
-> ________________________________________________
-> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your
-> mail doesn't post to the list quickly and you use Netscape
-> to write mail.
->
-> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
-> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
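
The first-match behaviour the reply at the top describes, as an added example that is not part of the original thread: a small Python model of the quoted input chain that evaluates a packet against the rules in order and flags rules that can never fire. The `Rule` tuple, `verdict` and `shadowed` are hypothetical names; destination addresses are left out and the port numbers (25, 42, 80) are the ones given in the original post.

```python
from collections import namedtuple

# One rule of an ipchains-style chain: target, protocol and an
# inclusive destination port range. (Hypothetical model, not ipchains code.)
Rule = namedtuple("Rule", "target proto lo hi")

# Constructed model of the quoted input chain, in the order listed.
# smtp=25, nameserver=42, www=80 as stated in the original post.
ORIGINAL = [
    Rule("DENY", "tcp", 0, 1024),
    Rule("ACCEPT", "tcp", 25, 25),
    Rule("ACCEPT", "tcp", 42, 42),
    Rule("ACCEPT", "tcp", 80, 80),
]
POLICY = "ACCEPT"  # "Chain input (policy ACCEPT)" in the listing


def verdict(chain, proto, dport, policy=POLICY):
    """The first matching rule decides; otherwise the chain policy applies."""
    for rule in chain:
        if rule.proto == proto and rule.lo <= dport <= rule.hi:
            return rule.target
    return policy


def shadowed(chain):
    """Rules whose whole port range is covered by one earlier rule."""
    dead = []
    for i, rule in enumerate(chain):
        for earlier in chain[:i]:
            if (earlier.proto == rule.proto
                    and earlier.lo <= rule.lo and rule.hi <= earlier.hi):
                dead.append(rule)
                break
    return dead


# Order suggested in the reply: specific ACCEPTs first, broad DENY last.
REORDERED = ORIGINAL[1:] + ORIGINAL[:1]

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("reordered", REORDERED)):
        results = {p: verdict(chain, "tcp", p) for p in (25, 42, 80, 110)}
        print(name, results, "shadowed:", [r.lo for r in shadowed(chain)])
```

Running the same shadow check over a real rule dump before loading it catches this class of ordering mistake without having to probe each port from outside.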