para abrir el puerto 25. pon algo asi: iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT con esto abres el puerto 25, pero a conexiones desde cualquier sitio si lo que quieres es limitar esto con [-d IPs] filtras la direccion a la que se dirige el paquete. Si lo que quieres es filtrar por interfaz pon -i eth0( p.ejemplo). de todas formas, sigo sin ver demasiado clara la configuracion de tu firewall...
-----Mensaje original----- De: Julian Ramos Marrero [mailto:julian@grupo-banchio.com] Enviado el: lunes, 27 de enero de 2003 18:57 Para: Miguel Rodriguez; ListaSUSE Asunto: RE: [suse-linux-s] Problemas con Sendmail
Miguel,
Lo que quiero abrir es el puerto 25, que se supone que esta abierto, pero no es asi, ya que tiene el mismo tratamiento que el 110 y el 22
Saludos,
Julia?n
-----Mensaje original----- De: Miguel Rodriguez [mailto:mrodriguez@catenon.com] Enviado el: lunes, 27 de enero de 2003 15:29 Para: Julian Ramos Marrero; suse-linux-s@suse.com Asunto: RE: [suse-linux-s] Problemas con Sendmail
en la configuracion que me mandas no veo por ninguna parte que estes dejando entrar nada, en cambio si que hay lineas en las que explicitamente pides que no acepte conexiones. Que es exactamente lo que quieres abrir o cerrar en tu firewall?
-----Mensaje original----- De: Julian Ramos Marrero [mailto:julian@grupo-banchio.com] Enviado el: lunes, 27 de enero de 2003 14:58 Para: Miguel Rodriguez; suse-linux-s@suse.com Asunto: RE: [suse-linux-s] Problemas con Sendmail
Miguel,
Te envio el resultado de iptables,
Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED udp dpts:netbios-ns:netbios-dgm LOG all -- loopback/8 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' LOG all -- anywhere loopback/8 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- loopback/8 anywhere DROP all -- anywhere loopback/8 LOG all -- artesgraficas-jrh.fadlan.com anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- artesgraficas-jrh.fadlan.com anywhere LOG all -- smtp.artesgraficas-jrh.fadlan.com anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- smtp.artesgraficas-jrh.fadlan.com anywhere input_ext all -- anywhere smtp.artesgraficas-jrh.fadlan.com input_int all -- anywhere artesgraficas-jrh.fadlan.com DROP all -- anywhere 192.168.0.255 DROP all -- anywhere 255.255.255.255 DROP all -- anywhere 192.168.1.255 DROP all -- anywhere 255.255.255.255 LOG all -- anywhere smtp.artesgraficas-jrh.fadlan.comLOG level warning tcp-options ip-options prefix `SuSE-FW-NO_ACCESS_INT->FWEXT ' DROP all -- anywhere smtp.artesgraficas-jrh.fadlan.com LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-UNAUTHORIZED-TARGET ' DROP all -- anywhere anywhere
Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere forward_ext all -- anywhere anywhere forward_int all -- anywhere anywhere LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-UNAUTHORIZED-ROUTING ' DROP all -- anywhere anywhere ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-FORWARD-ERROR '
Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere LOG icmp -- anywhere anywhere icmp time-exceeded LOG level warning tcp-options ip-options prefix `SuSE-FW-TRACEROUTE-ATTEMPT ' ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp port-unreachable ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed ACCEPT icmp -- anywhere anywhere icmp network-prohibited ACCEPT icmp -- anywhere anywhere icmp host-prohibited ACCEPT icmp -- anywhere anywhere icmp communication-prohibited DROP icmp -- anywhere anywhere icmp destination-unreachable ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG all -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-OUTPUT-ERROR '
Chain forward_dmz (0 references) target prot opt source destination LOG all -- 192.168.0.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- 192.168.0.0/24 anywhere LOG all -- 192.168.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- 192.168.1.0/24 anywhere LOG all -- anywhere artesgraficas-jrh.fadlan.comLOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-CIRCUMVENTION ' DROP all -- anywhere artesgraficas-jrh.fadlan.com LOG all -- anywhere smtp.artesgraficas-jrh.fadlan.comLOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-CIRCUMVENTION ' DROP all -- anywhere smtp.artesgraficas-jrh.fadlan.com ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere
Chain forward_ext (1 references) target prot opt source destination LOG all -- 192.168.1.0/24 anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- 192.168.1.0/24 anywhere LOG all -- anywhere artesgraficas-jrh.fadlan.comLOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-CIRCUMVENTION ' DROP all -- anywhere artesgraficas-jrh.fadlan.com ACCEPT icmp -- anywhere anywhere state RELATED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere
Yo no veo nada extrano ... las redes son 192.168.0 y la 192.168.1
-- -- Step Informa. Este mensaje ha sido verificado en busqueda de virus y troyanos por MailScanner, APARENTEMENTE esta limpio. Mas informacion en 902101843. ** This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. More info on 902101843.
-- Para dar de baja la suscripcisn, mande un mensaje a: suse-linux-s-unsubscribe@suse.com Para obtener el resto de direcciones-comando, mande un mensaje a: suse-linux-s-help@suse.com
-- Para dar de baja la suscripcisn, mande un mensaje a: suse-linux-s-unsubscribe@suse.com Para obtener el resto de direcciones-comando, mande un mensaje a: suse-linux-s-help@suse.com
-- -- Step Informa. Este mensaje ha sido verificado en busqueda de virus y troyanos por MailScanner, APARENTEMENTE esta limpio. Mas informacion en 902101843. ** This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. More info on 902101843.
-- -- Step Informa. Este mensaje ha sido verificado en busqueda de virus y troyanos por MailScanner, APARENTEMENTE esta limpio. Mas informacion en 902101843. ** This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. More info on 902101843.
-- Para dar de baja la suscripcisn, mande un mensaje a: suse-linux-s-unsubscribe@suse.com Para obtener el resto de direcciones-comando, mande un mensaje a: suse-linux-s-help@suse.com