www.centos.org - Forums - CentOS 6 - General Support

www.centos.org Forum Index

CentOS 6 - General Support

iptables blocks dns

Bottom

Previous Topic

Next Topic

Topic options

Rate Thread

Rate this Thread
Excellent Good Average Bad Terrible

Search Forum

Search Forum

Advanced Search

View mode

View mode
Threaded
Newest First

Poster	Thread

agriz

iptables blocks dns

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

When i stop iptables

nslookup site.com

Server: dns ip
Address: dns ip#53

Non-authoritative answer:
Name: site.com
Address: ipaddress

When i start iptables,

;; connection timed out; no servers could be reached

Why does iptables blocks dns?

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I OUTPUT 1 -o lo -j ACCEPT

//ssh
iptables -A INPUT -i eth0 -p tcp --dport 1234 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 1234 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp --icmp-type echo-request -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT

This is what i entered in iptables.

Posted on: 2011/12/8 19:04

TrevorH

Re: iptables blocks dns

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

Quote:

iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT

If these rules are on a DNS server then they are the wrong way round (your INPUT rule should be your OUTPUT rule and vice versa).

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 20:31

agriz

Re: iptables blocks dns

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT

Yes, I have these rules in iptables. Are those wrong rules?

Is this correct then?
iptables -A INPUT -p udp -i eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --sport 53 --dport 1024:65535 -j ACCEPT

DNS Server

-- where can i check it?

Posted on: 2011/12/8 20:49

TrevorH

Re: iptables blocks dns

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

If you have a DNS server then it is accepting UDP packets on port 53 so the destination (--dport) needs to be 53 on the INPUT chain.

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 21:01

agriz

Re: iptables blocks dns

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

I am not much sure about dns server.

It is just a simple website.
nslookup site.com

is giving me the error when i start iptables.
also, who.is dns search is not displaying any info about the site.

But if i stop iptables, it is working normally. who.is is displaying result.s

Do i need any rules to allow name server via iptables?

Posted on: 2011/12/8 21:10

TrevorH

Re: iptables blocks dns

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

It'll really help if you give examples, preferably with cut'n'paste output of the commands you ran and the results you got vs the results you expected.

Whois is not DNS and does not use port 53 but 43 - `grep whois /etc/services` would show you some clues about that.

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 21:20

agriz

Re: iptables blocks dns

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

nicname         43/tcp          whois
nicname         43/udp          whois
whois++         63/tcp
whois++         63/udp
rwhois          4321/tcp                        # Remote Who Is
rwhois          4321/udp                        # Remote Who Is

This is what i run when iptables status is "start"

nslookup my-website.com

Output : 
;; connection timed out; no servers could be reached

nslookup my-ip-address

Server:         4.2.2.2
Address:        4.2.2.2#53

** server can't find xx.xx.xx.xx.in-addr.arpa.: NXDOMAIN

Now i truned of iptables "service iptables stop"

nslookup my-website.com

Output : 
Server:         4.2.2.2
Address:        4.2.2.2#53

Non-authoritative answer:
Name:   webiste.com
Address: my-ip.address

Posted on: 2011/12/8 21:28

agriz

Re: iptables blocks dns

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

iptables -L -n -v
[code]

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
   17  1090 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1234 state NEW,ESTABLISHED
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 8 state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 0 state NEW,RELATED,ESTABLISHED
    1    60 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 state NEW,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:1234 state ESTABLISHED
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:53 dpts:1024:65535
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Chain OUTPUT (policy ACCEPT 2 packets, 264 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0   
    2   200 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:1234 state ESTABLISHED
    0     0 ACCEPT     icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0           icmp type 0 state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0           icmp type 8 state RELATED,ESTABLISHED
   15 15404 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:80 state ESTABLISHED
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:443 state ESTABLISHED
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:10000 state ESTABLISHED
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:21 state ESTABLISHED
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp dpt:1234 state NEW,ESTABLISHED
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp spts:1024:65535 dpt:53

1

Posted on: 2011/12/8 21:30

TrevorH

Re: iptables blocks dns

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

First, your OUTPUT policy is ACCEPT so you can delete all of the rules you have there now as none of them are required.

Can you post the output from `iptables-save` as that's much easier to read than the version you posted.

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 21:46

agriz

Re: iptables blocks dns

#10

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

I had the output policy to deny. But i was having problems with wget, curl and yum
Temporarily i have changed the deny to accept. Before finding a solution, i got problem with name server.

When i turn on iptables, site is not loading.

This is the output of iptables-save

:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [26:2884]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1234 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p icmp -m icmp --icmp-type 0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 10000 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1234 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 --dport 1024:65535 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 1234 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p icmp -m icmp --icmp-type 8 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 10000 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 1234 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 1024:65535 --dport 53 -j ACCEPT
COMMIT
# Completed on Fri Dec  9 03:18:50 2011
# Generated by iptables-save v1.4.7 on Fri Dec  9 03:18:50 2011
*mangle
:PREROUTING ACCEPT [40:22161]
:INPUT ACCEPT [40:22161]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40:3964]
:POSTROUTING ACCEPT [40:3964]
COMMIT
# Completed on Fri Dec  9 03:18:50 2011
# Generated by iptables-save v1.4.7 on Fri Dec  9 03:18:50 2011
*nat
:PREROUTING ACCEPT [6:265]
:POSTROUTING ACCEPT [5:356]
:OUTPUT ACCEPT [5:356]
COMMIT
# Completed on Fri Dec  9 03:18:50 2011

1234 is my ssh
10000 is webmin control panel

Posted on: 2011/12/8 21:52

TrevorH

Re: iptables blocks dns

#11

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

I think you are making this way too complicated. If you want to set your OUTPUT policy to DENY then I would set up a bare minimum of rules, for example

-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

That's simple and needs the last rule repeated per output port that you want to allow connections through to. It also allows all outgoing requests in response to packets that have already been allowed. The INPUT side of that is now handled by

-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

You don't need separate input rules for accepting the replies to things that have been allowed out as they're allowed by the 2nd rule above. The things you want on your INPUT chain are for services that you have running on the machine - so, yes, port 1234 wants one like

-A INPUT -i eth0 -p tcp [-s my.source.ip.addresses ] -m state --state NEW -m tcp --dport 1234 - j ACCEPT

This allows the initial connection (optionally from -s my.source.ip.addresses ) and subsequent traffic is allowed in and out by the RELATED,ESTABLISHED rules on input and output chains.

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 22:18

agriz

Re: iptables blocks dns

#12

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

//output settings
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT


//input settings
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT

//ssh settings
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 1234 - j ACCEPT

Is this correct?
When i add drop to default, will i lost my ssh immediately or will it execute the shell script till the end?

Posted on: 2011/12/8 22:32

TrevorH

Re: iptables blocks dns

#13

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

Quote:

When i add drop to default, will i lost my ssh immediately or will it execute the shell script till the end?

If you have doubts about that then you need to take steps to make sure that it doesn't happen - you could run it under `screen` for example so if you lose your connection then you haven't lost your session, or you could run a script using `nohup scriptname &`. Whichever way you do it you need to know that you are not about to lock yourself out permanently!

If you have services running on this machine that are listening on particular ports then you need an INPUT rule for each one. Your rules only allow for port 1234 at the moment - didn't you say you had webmin on port 10000 too? You seem to have added that to the output rules instead. Unless you are making outbound connection attempts to other servers that are running ssh on port 1234 then the output rule you have for that is useless too.

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 22:43

agriz

Re: iptables blocks dns

#14

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

//output settings
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT


//input settings
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT

//ssh settings
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT

Yes, I have the following service running in server httpd, sendmail, webmin, https, mysqld

Now i have made changes in input settings.
Do i need to create new state for every output port?

will the above settings allow curl other sites with port 80, yum and wget?

Posted on: 2011/12/8 22:53

TrevorH

Re: iptables blocks dns

#15

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

Quote:

will the above settings allow curl other sites with port 80, yum and wget?

Yes.

Quote:

Do i need to create new state for every output port?

If you set the output policy to DROP then you need to explicitly allow the ports to which you want to make outbound connections. Other ports opened by the same connection or related to it will be allowed too by virtue of the RELATED,ESTABLISHED rules.

With the rules you have at the moment, you'll be able to connect to other web sites and SMTP servers from this machine. It also allows you to connect to your webmin port on other servers but I suspect you just didn't get around to removing that yet. You're also allowing traffic to your server from others on http[s], SMTP, relocated ssh and Webmin ports. Any traffic related to those connections is also allowed.

Since you started this thread about DNS you will need to allow outbound traffic on destination port 53, both UDP and TCP. Whois traffic is on port 43.

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 23:17

agriz

Re: iptables blocks dns

#16

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

iptables -F

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

//output settings
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

//input settings
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 10000 -j ACCEPT

//ssh settings
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT

Is it now correct rule?
I am just running a simple website with curl usage.
Suggest me if i am wrong.

..
I was using this site to check the dns status
http://who.is/dns/google.com

Posted on: 2011/12/8 23:30

TrevorH

Re: iptables blocks dns

#17

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

Quote:

iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT

Personally I would omit the --sport from the rules and you do not need ESTABLISHED at all as you already have a rule to handle that.

You've also removed the output rules that let outbound SMTP traffic out of your machine which means that no emails will be sent out from this box. The same applies to port 443 outbound and this might be required as I believe some yum update mirrors are accessible over https (not 100% sure on that).

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 23:40

agriz

Re: iptables blocks dns

#18

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

iptables -A OUTPUT -o eth0 -p tcp -m tcp  --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT

Is that correct rule?

I got it for output now

Thanks for teaching me.

iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

Do i need this above rule in the input side?
Server is not going to receive any mails. It is just going to send mails.

Thanks again!

Posted on: 2011/12/8 23:46

TrevorH

Re: iptables blocks dns

#19

Moderator

Joined: 2009/9/24

From Brighton, UK

Posts: 6334

Quote:

agriz wrote:

iptables -A OUTPUT -o eth0 -p tcp -m tcp  --dport 53 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT

Is that correct rule?

Yes, that looks fine.

Quote:

iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
Do i need this above rule in the input side?
Server is not going to receive any mails. It is just going to send mails.

If you are not running an email server accepting mails from outside then there is no reason to have this rule and every reason to delete it!

_________________
Linux/VoIP Systems Administrator

Posted on: 2011/12/8 23:52

agriz

Re: iptables blocks dns

#20

Regular Board Member

Joined: 2011/11/19

From

Posts: 81

If you are not running an email server accepting mails from outside then there is no reason to have this rule and every reason to delete it!

Thanks for you help.
I will run add those rules in iptables and i will update the status!

Posted on: 2011/12/8 23:54

Top

Previous Topic

Next Topic

You cannot start a new topic.

You can view topic.

You cannot reply to posts.

You cannot edit your posts.

You cannot delete your posts.

You cannot add new polls.

You cannot vote in polls.

You cannot attach files to posts.

You cannot post without approval.