jaisonshereen


How to edit firewall rule for this?

I shouldn't expose 25 and 5432 through the firewall.
I need to unblock ports 22 for ssh, 80 for http and 443 for https.
25 should be kept open for outgoing traffic only.

I want to edit iptables accordingly.
Please advise. I am using GNU/Linux.

Duncan Roe

Do you have any outgoing ports blocked? That is really a separate question.
For incoming calls, you have to decide which host is to receive the call, i.e. when the external interface is called on port 25 then that is forwarded and Network Address Translated (NAT'd) to a specific interface and host on that interface. If you want it to come in to the box running iptables, change the filter rule. Examples below:
# --- NAT script (part of) ----
 
set -x
 
# We don't expect the gateway address to change, but check it anyway...
gateway=`cat /etc/dhcpc/dhcpcd-eth1.info|grep IPADDR|cut -d= -f2`
[ -z "$gateway" ] && gateway=210.49.215.145
 
# We don't expect the address of Andrew's computer to change,
# but check it anyway...
andrew=`/usr/bin/dig andrew.mshome.net| \
  /usr/bin/grep -A1 "ANSWER SECTION"| \
  /usr/bin/grep -i andrew.mshome.net| \
  /usr/bin/awk '{print $5}'`
[ -z "$andrew" ] && andrew=192.168.0.99
 
# nat table (Router function)
# === ===== ======= =========
 
# Mangle source addresses of all outgoing traffic
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $gateway
 
# Route some specific incoming calls to Andrew's pc
for i in \
  6112 \
  6500 \
  6969 \
  7777 \
  7778 \
  47624 \
  9000
do
  iptables -t nat -A PREROUTING -i eth1 -p tcp --dport $i -j DNAT --to $andrew
done
 
 
# --- Complete firewall script
 
# filter table (Firewall function)
# ====== ===== ========= =========
 
# A chain to log & drop a packet, except don't log FIN pkts
iptables -N logdrop
iptables -A logdrop -p tcp -m tcp --tcp-flags FIN FIN -j DROP
# Actually all logging is commented out because too much stuff gets logged
#iptables -A logdrop -j LOG --log-level debug
iptables -A logdrop -j DROP
 
# A chain to inspect incoming (to this box) packets from cable modem
iptables -N cable
# Allow bootps->bootpc udp
iptables -A cable -p udp --source-port 67 --destination-port 68 -j ACCEPT
# Allow icmp but not too many
iptables -A cable -p icmp -m limit --limit 5/second -j ACCEPT
# Allow DNS replies
iptables -A cable -p udp --source-port 53 -j ACCEPT
iptables -A cable -j logdrop
 
# Firewall rule - check incoming (to this box) packets from cable modem
iptables -A INPUT -i eth1 -j cable
set +x


jaisonshereen
ASKER

Hi,

I am a newbie in Linux. Please explain in detail.

Do you have any outgoing ports blocked?

How to check this?

The question here is

I shouldn't expose 25 and 5432 through the firewall. ---------> means except 25 and 5432, everything I can allow. Please provide the command for this.

I need to unblock ports 22 for ssh, 80 for http and 443 for https. ---> means unblock 22 and 80, 433... right?
Please provide the command.


25 should be kept open for outgoing traffic only. ---> means we already blocked 25, we need to allow this for outgoing only, right? Please provide the command.

Duncan Roe

I don't block any outgoing connections and have never looked up how to do that. Consult the iptables / netfilter man pages and kernel source documentation to find out how to do it and whether it's in effect just now.
To give you more explicit commands I need to know: do you want incoming port 25 (and the others) to the system running iptables? Or do you want it on some other system on a LAN that the iptables system routes to?
jaisonshereen
ASKER

do you want incoming port 25 (and the others) to the system running iptables?
Yes
Or do you want it on some other system on a lan that the iptables system routes to?
No

How to check whether any outgoing ports are blocked?

Duncan Roe

I assume you are using eth0 for your connection. "ifconfig" will confirm this. A rule to open port 22:

iptables -A INPUT -i eth0 -p tcp --destination-port 22 -j ACCEPT

Put this rule first (or early on).
I do not know how 25 outgoing is blocked. Please post all the rules that you have and I'll have a try.

jaisonshereen
ASKER

This is what iptables lists:

Can you tell me what each entry means?



[root@server monit-5.0-beta1]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
[root@server monit-5.0-beta1]#


Duncan Roe

No. I don't find the output from "iptables -L" particularly helpful actually. What I wanted you to post was your rules files. Please do that.

jaisonshereen
ASKER

[root@server sysconfig]# cat iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.xx.0.xx -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@server sysconfig]#

Duncan Roe

Thanks for that. I'm not familiar with the Red Hat configuration system - was hoping to see the actual iptables command lines (which is how I configure it). But you might have trouble getting these.
Actually the -A lines look like they are the arguments to iptables. Maybe I can make sense of this after work (have to go now).
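Pulling the thread together as an added example (my own code, not something posted by either participant): the functions below work on the asker's /etc/sysconfig/iptables exactly as posted above, embedded here as a constructed copy in iptables-save format so everything runs offline and without root. inbound_tcp_accepts lists the TCP ports the INPUT path accepts, outbound_status answers Duncan's "are any outgoing ports blocked" question by reading the OUTPUT policy and counting DROP/REJECT rules there, and fixed_rules emits a corrected file that removes the inbound port 25 ACCEPT and adds 80 and 443 next to the existing 22 rule. Port 5432 is never accepted, so the closing REJECT rule keeps it closed, and outbound SMTP keeps working because the OUTPUT policy stays ACCEPT. The function names and the awk parsing are assumptions of this example, not iptables features.

```shell
#!/bin/sh
# Added example: parse and correct the asker's Red Hat rules file offline.
# ORIG_RULES is a constructed copy of the /etc/sysconfig/iptables posted above
# (iptables-save format; the masked 224.xx.0.xx address is kept as posted).
ORIG_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.xx.0.xx -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# inbound_tcp_accepts RULES: print, sorted and space separated, every TCP port
# that reaches ACCEPT in INPUT or in any chain INPUT jumps to (one level deep,
# which is all this file uses). Hypothetical helper for this example.
inbound_tcp_accepts() {
  chains=$(printf '%s\n' "$1" | awk '
    $1 == "-A" && $2 == "INPUT" { for (i = 1; i < NF; i++) if ($i == "-j") print $(i+1) }' | tr '\n' ' ')
  printf '%s\n' "$1" | awk -v chains="INPUT $chains" '
    BEGIN { n = split(chains, c, " "); for (i = 1; i <= n; i++) want[c[i]] = 1 }
    $1 == "-A" && ($2 in want) && /-p tcp/ {
      port = ""; target = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") port = $(i+1)
        if ($i == "-j") target = $(i+1)
      }
      if (port != "" && target == "ACCEPT") print port
    }' | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# outbound_status RULES: show the OUTPUT chain policy and how many OUTPUT rules
# end in DROP or REJECT. "policy=ACCEPT blocking_rules=0" means nothing in the
# filter table stops outbound traffic such as SMTP to port 25.
outbound_status() {
  printf '%s\n' "$1" | awk '
    $1 == ":OUTPUT" { policy = $2 }
    $1 == "-A" && $2 == "OUTPUT" && /-j (DROP|REJECT)/ { blocks++ }
    END { printf "policy=%s blocking_rules=%d\n", policy, blocks + 0 }'
}

# fixed_rules RULES: emit the corrected file. The inbound port 25 ACCEPT is
# removed (outbound SMTP is unaffected because OUTPUT stays ACCEPT), 80 and 443
# are accepted for NEW connections right after the existing 22 rule, and 5432
# is never accepted, so the closing REJECT rule keeps it closed.
fixed_rules() {
  printf '%s\n' "$1" | awk '
    /--dport 25 -j ACCEPT/ { next }
    { print }
    /--dport 22 -j ACCEPT/ {
      print "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT"
      print "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT"
    }'
}

# Demo run: compare the posted and the corrected rule sets.
echo "current inbound TCP ACCEPT ports: $(inbound_tcp_accepts "$ORIG_RULES")"
echo "current outbound:                 $(outbound_status "$ORIG_RULES")"
FIXED_RULES=$(fixed_rules "$ORIG_RULES")
echo "fixed inbound TCP ACCEPT ports:   $(inbound_tcp_accepts "$FIXED_RULES")"
```

On the real box, `iptables-save` prints the live ruleset in this same format (that is the "rules file" Duncan asked for, independent of the Red Hat wrapper), and after reviewing the corrected text it can be loaded with `iptables-restore` and written back to /etc/sysconfig/iptables so it survives a reboot.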
ASKER CERTIFIED SOLUTION
Duncan Roe