colonialiu20

Yahoo mail affected by new Linux Firewall w/ web filter

I recently implemented a transparent proxy running Fedora Core 5 and Dansguardian for web filtering purposes.
Not knowing much about iptables, through a mix of resources and EE advice, I used the following for Internet traffic to be allowed through, and for traffic to be redirected to the Dansguardian filter:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE  # where eth1 is the NIC connected to the wireless router
iptables -A FORWARD -i eth0 -j ACCEPT  # where eth0 is the NIC connected to your LAN, i.e. your laptop
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -j REDIRECT --to-port 8080
/etc/init.d/iptables save

It works just fine.
I have one user on the simple network having problems with Yahoo Mail. When they log in with this network the colors are gone, the text is jumbled everywhere, and much of the functionality is not working. In effect their email is unusable in this network. It works fine elsewhere.

It was recommended that maybe Yahoo was using a port I didn't have open, BUT I believe the above iptable command allows all outbound ports.  I want to fix that too but first things first.

I can't find a reference to Yahoo using a special port.  All other web-based and POP3 mail works perfectly fine.
mail.yahoo.com is whitelisted with regard to the filter.

If someone thinks I need to make iptables changes please provide commands, as I haven't figured that aspect out yet.

Explanations and step by step directions are appreciated.
Linux Networking

8/22/2022 - Mon
noci

To find out what traffic passes you can use tcpdump, ethereal, wireshark
and similar packet sniffers.

Use it like:

tcpdump -ni eth0 host ip.ad.dr.es

and use the right IP address in place of ip.ad.dr.es.
Then try to access Yahoo; that will tell you what ports are used.
If Yahoo uses port 80, then your proxy might also have an impact.

BTW, all outside->inside access to port 80 is also redirected to port 8080;
I don't know if it was meant that way.
And indeed if that's all you did to the iptables rules then you don't block any
traffic. (dansguardian).
colonialiu20

ASKER
Well, the problem was resolved. It just took a day for me to walk away from it, and of course it was simple. Apparently ALL of the graphics in the mail.yahoo.com site are located in the 'yimg.com' domain, which was blocked. After whitelisting that site it all works fine.

I will likely have actual IPtable troubles in the near future, as I obviously need the firewall locked down. For now there is at least a router sitting between the Linux box and the outside world to protect incoming traffic.
noci

I agree
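
The root cause found in this thread (a whitelisted site whose images, styles and scripts come from a second domain that the filter blocks) can be checked for before users notice. The Python below is an added example, not code from the thread or from Dansguardian: it lists the hosts a page loads sub-resources from that a one-domain-per-line whitelist does not cover. The sample HTML, the hostnames under yimg.com, the function names and the rule that an entry also covers its subdomains are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch a sub-resource.
ASSET_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

class AssetCollector(HTMLParser):
    """Collect the host of every sub-resource a page asks the browser to load."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = ASSET_ATTRS.get(tag)
        url = dict(attrs).get(wanted) if wanted else None
        if url:
            # Resolve relative and protocol-relative URLs against the page.
            host = urlparse(urljoin(self.page_url, url)).hostname
            if host:
                self.hosts.add(host.lower())

def parse_site_list(text):
    """Parse a one-domain-per-line list; '#' starts a comment."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if line:
            entries.add(line)
    return entries

def covered(host, entries):
    # Assumption: an entry covers the domain itself and all its subdomains.
    parts = host.split(".")
    return any(".".join(parts[i:]) in entries for i in range(len(parts)))

def unlisted_asset_hosts(html, page_url, site_list_text):
    """Hosts the page loads from that no whitelist entry covers."""
    collector = AssetCollector(page_url)
    collector.feed(html)
    entries = parse_site_list(site_list_text)
    return sorted(h for h in collector.hosts if not covered(h, entries))

# Constructed sample page and whitelist (hostnames under yimg.com are made up).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://a.yimg.com/mail.css">
<script src="//b.yimg.com/mail.js"></script></head>
<body><img src="/logo.gif"><img src="http://a.yimg.com/inbox.gif"></body></html>"""
SAMPLE_LIST = "# constructed whitelist\nmail.yahoo.com\n"
```

Calling `unlisted_asset_hosts(SAMPLE_HTML, "http://mail.yahoo.com/", SAMPLE_LIST)` returns the two yimg.com hosts; adding a `yimg.com` line to the list makes the result empty.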