Solved

Ipchains only mail

Posted on 2000-05-10
10
309 Views
Last Modified: 2010-04-20
I need put a ipchains for DENY all packets TCP, but no mail packets,from pc 192.168.2.168. I put
ipchains A input -p TCP -s 192.168.2.168 ! pop-3 ! smtp -j DENY. But it doesnt' work as i want it.
0
Comment
Question by:G2MD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 2

Expert Comment

by:ksemat
ID: 2797404
I really don't get what you're saying do you want to deny all mail packets from 192.168.2.168 and allow all other tcp packets or the other way round?
have you also tried the full path i.e /sbin/ipchains?
try ipchains -A input -p tcp -s 192.168.2.168 -d $1 25 -j DENY
if what you want is to allow all other packets apart from smtp packets from 192.168.2.168
0
 
LVL 2

Expert Comment

by:ksemat
ID: 2797408
oops type the full command path /sbin/ipchains
0
 

Author Comment

by:G2MD
ID: 2797479
I want that 192.168.2.168 only use internet for email. That's right
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 2

Expert Comment

by:ksemat
ID: 2799082
then try fisrt denying all packets from 192.168.1.168 then specifically allowing smtp packets from it. Something like
/sbin/ipchains -A input -l -s [banned host] -d $1 -j DENY
then add the other rule I gave you except chage it to accept.Where banned host is the IP of the host whose packets you want to deny.
0
 

Author Comment

by:G2MD
ID: 2810591
What's $1 in that command?. And For deny a packet you i put -j DENY, what do i put in the command for accept smtp packet [from banned host]?. Do i need accept pop-3 packets,too ?
0
 
LVL 2

Expert Comment

by:ksemat
ID: 2811542
You only need to accept pop3 packets if your users are going to allow them to pop mail off your server using clients like eudora outlook express pegasus etc
to allow smtp packets
/sbin/ipchains -A input -p tcp -s 192.x.x.x -d $1 25 -j ACCEPT
If you decide to accept pop3 then change the port 25 above to 110 in a separate entry.
to understand ipchains read the manual pages and the howtos on the internet.
0
 

Author Comment

by:G2MD
ID: 2811853
These commands wasn't accept for the ipchains, because don't have destination ip address. I probe with this command
/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0 $1 -j DENY

/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0  $1 25 -j ACCEPT

/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0  $1 110 -j ACCEPT

And i can't receive and send email from pc 192.168.x.x.x

0
 

Author Comment

by:G2MD
ID: 2811865
/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0 $1 -j DENY

/sbin/ipchains -A input -p tcp -l -s 192.x.x.x -d 0/0  $1 25 -j ACCEPT

/sbin/ipchains -A input -p tcp -l -s 192.x.x.x -d 0/0  $1 110 -j ACCEPT
 
I had to read the howsto and these manuals doesn't speak about parameter $ 1 and i don't understand the parameter -l.

Thank's a lot
0
 
LVL 2

Accepted Solution

by:
ksemat earned 50 total points
ID: 2814642
It is probably a problem to do with flushing rulesets now what I suggest is go to http://firewall.langistix.com and download a firewall script from there and then edit it and and make the appropriate changes because ny problem is that explaining ipchains will take a lot of writing just either add your host to the banned or the friends basing on what I have already given you.
I don't use it but I have looked through it and it will definitely help solve your problem.
0
 

Author Comment

by:G2MD
ID: 2814791
Than's for everything
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question