I resolved the problem: iptables was working correctly, but postfix doesn't start automatically. I'm willing to give the points if someone can instruct me to set postfix to start up automatically in Red Hat. I can do it in Gentoo, but Red Hat eludes me.
==========================
We have iptables set up on a Linux server. I was trying to get the iptables to save properly and somehow, things have gone awry. By executing:
iptables -I INPUT 1 -p tcp --dport 25 -j ACCEPT
I was able to telnet to the port after a reboot:
telnet community.nyln.org 25
Trying 75.19.188.102...
Connected to community.nyln.org.
Escape character is '^]'.
220 metadot.nyln.org ESMTP Postfix
^]
telnet> quit
Connection closed.
I thought executing
iptables-save > /etc/sysconfig/iptables.save
was enough to save on reboot, but it wasn't. I ended up with multiple rules accepting port 25 (accidentally on my part), and now I cannot get a telnet connection to work at all.
On reboot, this is my iptables:
[root@server sbin]# ./iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- adsl-70-244-126-158.dsl.austtx.swbell.net anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.0.0/16 anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:ssh
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Trying to telnet in gives this:
telnet mail.nyln.org 25
Trying 75.19.188.102...
telnet: Unable to connect to remote host: No route to host
I then run:
iptables -I INPUT 1 -p tcp --dport 25 -j ACCEPT
giving me this:
[root@server sbin]# ./iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- adsl-70-244-126-158.dsl.austtx.swbell.net anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.0.0/16 anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:ssh
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
telnet then tells me this:
telnet mail.nyln.org 25
Trying 75.19.188.102...
telnet: Unable to connect to remote host: Connection refused
Really stuck, any help?
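Added example, not part of the original post: a first-match walk over a constructed iptables-save rendering of the listing above (the loopback rule is an assumption, and the function names are hypothetical). As booted, a new TCP connection to port 25 falls through to the REJECT with icmp-host-prohibited, which a client reports as "No route to host"; after the ACCEPT is inserted the firewall passes the packet, so "Connection refused" comes from the host having nothing listening on that port.

```python
# Constructed iptables-save style rules modelled on the listing in the post.
# Assumptions: the bare "ACCEPT all" line is the stock loopback rule (-i lo),
# which `iptables -L` only shows with -v; per-source ssh ACCEPTs are omitted.
SAVED = """\
-A INPUT -p tcp --dport 22 -j DROP
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Stand-in for `iptables -I INPUT 1 ...`: the new rule goes first in INPUT.
INSERTED = "-A INPUT -p tcp --dport 25 -j ACCEPT\n"

def parse(text):
    chains = {}  # chain name -> ordered list of {option: value}
    for line in text.splitlines():
        tok = line.split()
        opts = dict(zip(tok[0::2], tok[1::2]))  # each option here takes one argument
        chains.setdefault(opts.pop("-A"), []).append(opts)
    return chains

def matches(o, pkt):
    return (o.get("-i", pkt["iface"]) == pkt["iface"]
            and o.get("-p", pkt["proto"]) == pkt["proto"]
            and int(o.get("--dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in o.get("--state", pkt["state"]).split(","))

def walk(chains, pkt, chain):
    # First terminal match wins; a user chain that runs out returns to its caller.
    for n, o in enumerate(chains[chain], 1):
        if not matches(o, pkt):
            continue
        if o["-j"] in chains:
            hit = walk(chains, pkt, o["-j"])
            if hit:
                return hit
        else:
            return (o["-j"], chain, n)
    return None

def decide(text, pkt):
    return walk(parse(text), pkt, "INPUT") or ("ACCEPT", "policy", 0)  # policy ACCEPT

if __name__ == "__main__":
    smtp = {"iface": "eth0", "proto": "tcp", "dport": 25, "state": "NEW"}
    print(decide(SAVED, smtp), decide(INSERTED + SAVED, smtp))
```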