Re: [Exim] exim behing iptables

Author: James P. Roberts
Date:  
To: Dave Miller, exim-users
Subject: Re: [Exim] exim behing iptables
----- Original Message -----
From: "Dave Miller" <dave@???>
To: <exim-users@???>
Sent: Saturday, September 13, 2003 3:12 PM
Subject: [Exim] exim behing iptables


Hello -

I am running Exim 4.2 on a RH 7.2 machine. I use iptables with the input
chain set to drop and rules to open port 25 to all traffic, allow any
service on the machine to access dns, etc. I can receive mail with the drop
policy in place but when I try to send non local mail Exim times out. Do I
need to open additional ports for Exim? If yes, which ones? If no, any ideas
on why the time out?

Thank you.

--

Check /etc/services to find the ports for whatever services you run on your
machine. You can refer to any service listed in /etc/services, by name, in
your iptables rules (e.g. "--dport smtp").

iptables has independent "input", "output" and "forward" chains. Draw
yourself a little diagram of which ports need to be opened in each of these
chains, depending on what services you need to support. "Input" is for
packets directed TO your server from anywhere. "Output" is for packets
directed FROM your server to anywhere. "Forward" is for packets with both
source and destination NOT your server (for example, traffic between your
internal LAN behind the firewall, and the outside world).

My guess is you need to add a rule to the "Output" chain to allow outgoing
traffic to other SMTP servers; for example:

iptables -A OUTPUT -p tcp --dport 25 -j ACCEPT

Your mileage may vary (YMMV).

Best wishes.

Jim Roberts
Punster Productions, Inc.
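
An added example, not part of the original messages: a rule set for a mail host with a DROP policy on INPUT. It goes beyond the single OUTPUT rule in the reply by also accepting, on INPUT, the reply packets for connections the host itself opened (outbound SMTP and DNS lookups). The function names, the APPLY switch and the choice of ports are assumptions made for illustration; this is not the poster's actual configuration.

```shell
#!/bin/sh
# Added example: filter rules for a mail host whose INPUT policy is DROP.
# Dry run by default: commands are printed, not executed.
# Set APPLY=1 and run as root to load them. Other services (e.g. SSH)
# need their own rules before the DROP policy is set.

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

mail_host_rules() {
    # Loopback traffic.
    ipt -A INPUT -i lo -j ACCEPT

    # Replies to connections this host opened. Without this rule the
    # SYN/ACK from a remote SMTP server hits the DROP policy and the
    # outbound delivery times out, even if OUTPUT allows port 25.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound mail: new connections to local port 25.
    ipt -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

    # Outbound side; only needed when the OUTPUT policy is not ACCEPT.
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
    ipt -A OUTPUT -p udp --dport 53 -j ACCEPT
    ipt -A OUTPUT -p tcp --dport 53 -j ACCEPT

    # Set the default-deny policy last so the ACCEPT rules are in place first.
    ipt -P INPUT DROP
}

mail_host_rules
```

With APPLY unset the script only prints the commands, so the rule set can be reviewed before it is loaded.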