How to enable inbound POP and SMTP to Redhat Server

This question is concerning an Intel server running Redhat 9 and Plesk.

When Redhat was installed, the default "medium" firewall option was taken.

Now that plesk has been installed (to allow website hosting) - the server rejects connections for POP and SMTP - preventing people from checking mail (which resides on the server).

Just as an experiment, I stopped the iptables service. That allowed me to log in and get mail.

I do not want to completely do away with the protection of the firewall. Thus I only need to add allowance of inbound traffic on the POP and SMTP related ports. I have read through the redhat manuals and am in way over my head at this point.

Can anyone provide advice on how to do this?

Thanks,
Eric
epaschalAsked:
epaschalAuthor Commented:
Just as additional info - here is the existing IPTABLES setup (assuming this is even relevant)...

[root@ps2 root]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
0
jlevieCommented:
As root execute lokkit. Select Customize and check "Mail (SMTP)" and also in "Other Ports" enter "pop:tcp". That should (if your RH 9 system is up to date w/respect to the RedHat errata) adjust the firewall rules. I'm not sure if it will work on an out of the box RH 9 install and seem to remember some problems with the version from the CD's. Since this system has Internet exposure you really want the updates in place for security reasons. Those updates are available from http://www.fedoralegacy.org now that Redhat no longer supports that version.
0
epaschalAuthor Commented:
Thanks jlevie,

Unfortunately, I had also attempted that earlier, to no avail... :(

That's why I was specifically targeting the iptables, or whatever the actual source of the problem is.
0
jlevieCommented:
If memory serves, I seem to remember a bug in lokkit in the distribution of RH 9 that prevented it from actually changing the firewall. That was fixed by one of the errata updates and if you haven't applied all of the errata updates it may be the problem.
0
epaschalAuthor Commented:
Do you know how to fix the problem, without using the RedHat tool? I have applied all of the updates.
0
jlevieCommented:
I haven't had much success in manually modifying the lokkit generated rules. But if you want to try see my comment in http://www.experts-exchange.com/Networking/Linux_Networking/Q_21199052.html

Alternatively you can scrap the lokkit generated rules and base a firewall on what I use. You can get it from http://www.entrophy-free.net/tools/iptables-gw
0
wesly_chenCommented:
Hi,

   How about /usr/bin/redhat-config-securitylevel (or /usr/bin/firewall on older RedHat versions)?
It's the GUI interface for iptables.

Wesly
0
epaschalAuthor Commented:
Hi Wesley,

I don't have that program in bin, don't know why (using Redhat 9, latest kernel). Here's what I did have prefixed with "redhat":

redhat-config-mouse          redhat-config-network-druid
redhat-config-network        redhat-config-network-tui
redhat-config-network-cmd

Also no luck with the /usr/bin/firewall directory.
0
wesly_chenCommented:
Hi,
   Download from the following URL and use "rpm -ivh redhat-config-securitylevel-1.1.1-3.noarch.rpm"
http://download.fedoralegacy.org/redhat/9/os/i386/redhat-config-securitylevel-1.1.1-3.noarch.rpm

   You can find the file in your RedHat 9 CDs.

Wesly
0
cyb3rj0hnCommented:
Add this to your firewall or run from command line to test:

# SMTP and POP3
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT

Hope this helps.

Cheers,
John
0

de2ZotjesCommented:
In general on a rh9 box you can manually alter the iptables rules ( - as cyb3r.. suggests - ). And after that you can run ( as root):

service iptables save

This will write out the active ruleset to /etc/sysconfig/iptables. After a reboot (or similar event) your rules will not be lost :)
I can't think of anything more that an interface tool would do for you...

0
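Added example, not part of any post in this thread: in the listing posted above, INPUT jumps to RH-Lokkit-0-50-INPUT, whose REJECT for TCP ports 0:1023 ends rule processing, so an ACCEPT for POP3 only takes effect if it sits ahead of that REJECT. The sketch below checks and fixes the ordering on text in the /etc/sysconfig/iptables format; the sample rules are constructed, the function names are hypothetical, and it never calls iptables itself.

```shell
#!/bin/sh
# Added example: works on rule text only, so it can be tried on a copy of the file.

# Constructed sample, shaped like the Lokkit "medium" listing in this thread.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
COMMIT
EOF
}

# first_verdict CHAIN PORT (hypothetical helper): target of the first rule in
# CHAIN that a new TCP connection to PORT from the network would hit.
first_verdict() {
    awk -v chain="$1" -v port="$2" '
        index($0, "-A " chain " ") != 1 { next }
        / -i lo / || / -p udp / { next }      # loopback-only or UDP: not our traffic
        {
            lo = 0; hi = 65535; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") { n = split($(i + 1), r, ":"); lo = r[1]; hi = (n == 2) ? r[2] : r[1] }
                if ($i == "-j") target = $(i + 1)
            }
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print target; exit }
        }'
}

# allow_tcp_port CHAIN PORT (hypothetical helper): copy rules from stdin to
# stdout, adding an ACCEPT for PORT just before the first REJECT in CHAIN
# unless that exact ACCEPT is already ahead of it.
allow_tcp_port() {
    awk -v chain="$1" -v port="$2" '
        BEGIN { pre = "-A " chain " "; rule = pre "-p tcp -m tcp --dport " port " --syn -j ACCEPT" }
        index($0, pre) == 1 && $0 == rule { seen = 1 }
        index($0, pre) == 1 && / -j REJECT/ && !seen && !done { print rule; done = 1 }
        { print }'
}
```

Run against a copy of /etc/sysconfig/iptables, review the result, then load it with iptables-restore or put it in place and restart the iptables service.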