Well, it seems you are DENYING anything on ports 0:1024; therefore,
if this rule is first in the chain, the consecutive rules will not
get executed. I guess you should rearrange the order and put the
smtp rule before you start denying the rest.
-> -----Original Message-----
-> From: Deepak Saxena [mailto:deepak@csociety.purdue.edu]
-> Sent: Tuesday, January 09, 2001 1:17 AM
-> To: plug-discuss@lists.PLUG.phoenix.az.us
-> Subject: smtpd firewall rules...
->
-> I'm trying to get smtpd (postfix) to receive email from the outside
-> world while limiting my system to only accept things on certain ports
-> for security reasons. I've only got incoming ports
-> 80 (http), 25 (smtp),
-> and 42 (named, running my domain primary) open, and when I do a
-> telnet to port 25 on my machine, I get zip, zero, nada. If I open
-> up all incoming ports, I can connect with no problem. So there must
-> be something other than just port 25 that's required to access the
-> mail server... however, running ethereal on my outside ethernet card
-> shows no activity other than smtp and some outgoing DNS when I telnet
-> in with all ports open... so what am I doing wrong? Here's a
-> dump of my current IPCHAINS config:
->
-> [root@arrakis dsaxena]# ipchains -L
-> Chain input (policy ACCEPT):
-> target  prot opt     source          destination                     ports
-> DENY    tcp  ------  anywhere        anywhere                        any ->   0:1024
-> ACCEPT  tcp  ------  anywhere        dyn-dsl1-148-phx.bazillion.com  any ->   smtp
-> ACCEPT  tcp  ------  anywhere        dyn-dsl1-148-phx.bazillion.com  any ->   nameserver
-> ACCEPT  tcp  ------  anywhere        dyn-dsl1-148-phx.bazillion.com  any ->   www
-> Chain forward (policy ACCEPT):
-> target  prot opt     source          destination                     ports
-> MASQ    all  ------  anywhere        192.168.0.0/24                  n/a
-> MASQ    all  ------  192.168.0.0/24  anywhere                        n/a
-> Chain output (policy ACCEPT):
->
-> ~Deepak
->
-> --
-> Deepak Saxena - deepak@csociety.purdue.edu - phone://602.790.0500
->
-> "Imagination is more important than knowledge" - Einstein
->
-> Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
-> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
->
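The first-match behaviour the reply describes, modelled as an added example (not code from the thread): the rules are constructed from the ipchains -L dump above, with source/destination matching left out since only protocol and port order matter for this problem. It also flags any rule that an earlier rule already fully covers, which is the general form of the mistake.

```python
# Added example: a minimal model of ipchains first-match evaluation,
# constructed from the input chain in the quoted dump. Source and
# destination addresses are not modelled (assumption: they don't affect
# the port-ordering problem being discussed).
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    target: str      # "ACCEPT" or "DENY"
    proto: str       # "tcp", "udp" or "all"
    dport_lo: int    # destination port range, inclusive (0:1024 style)
    dport_hi: int


def evaluate(chain, policy, proto, dport):
    """Walk the chain in order; the first matching rule decides.
    If no rule matches, the chain policy applies."""
    for rule in chain:
        if rule.proto not in ("all", proto):
            continue
        if rule.dport_lo <= dport <= rule.dport_hi:
            return rule.target
    return policy


def shadowed_rules(chain):
    """Indexes of rules that can never match because an earlier rule with
    the same (or 'all') protocol already covers their whole port range."""
    shadowed = []
    for i, r in enumerate(chain):
        for earlier in chain[:i]:
            if (earlier.proto in ("all", r.proto)
                    and earlier.dport_lo <= r.dport_lo
                    and r.dport_hi <= earlier.dport_hi):
                shadowed.append(i)
                break
    return shadowed


# Input chain as listed in the dump: the broad DENY comes first.
ORIGINAL = [
    Rule("DENY",   "tcp", 0, 1024),   # catches port 25 before anything else
    Rule("ACCEPT", "tcp", 25, 25),    # smtp        - never reached
    Rule("ACCEPT", "tcp", 42, 42),    # nameserver  - never reached
    Rule("ACCEPT", "tcp", 80, 80),    # www         - never reached
]

# Reordered as the reply suggests: specific ACCEPTs first, then the DENY.
REORDERED = ORIGINAL[1:] + ORIGINAL[:1]

if __name__ == "__main__":
    for name, chain in (("original", ORIGINAL), ("reordered", REORDERED)):
        verdicts = {p: evaluate(chain, "ACCEPT", "tcp", p) for p in (25, 42, 80, 23)}
        print(name, verdicts, "shadowed rule indexes:", shadowed_rules(chain))
```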