ammadeyy2020

Need an iptables script

Can someone write a script for the following?
Default policy: drop all INPUT and FORWARD.
Allow all OUTPUT.

FORWARD tcp ports 110 and 25 to IP address 192.168.20.20 (email)
FORWARD tcp port 3000 to IP address 192.168.20.20 (WorldClient)



fosiul01

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

What is this 192.168.20.20? Is it your mail server address?
iptables -P -tcp --dport 25 -j ACCEPT
iptables -P -tcp --dport 110 -j ACEPT
iptables -P -tcp --dport 3000  -j ACCEPT
But you don't need to block all OUTPUT and FORWARD rules;

just blocking INPUT is enough.
Sorry, there is a small syntax problem.
Try the one below:

iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT

or you can copy from here

http://fosiul.co.uk/KnowledgeCategories.php?CID=71
One more thing.

Before adding those,
can you paste the result here?

Go to
cd /etc
cd sysconfig

cat iptables

Copy the output and paste it here. I just want to see whether you have any RH rules there; if so, you will have to add those under the RH rules.
Avatar of ammadeyy2020
ammadeyy2020

ASKER

192.168.20.20 is the email server.

cd /etc
cd sysconfig

cat iptables
No such file or directory
cat /etc/sysconfig/iptables

or cd /etc/sysconfig
then cat iptables

If you don't see anything, that means you don't have iptables installed.

If you type service iptables restart,

does iptables restart?

Also type: whereis iptables

Paste the result here.
When I type
service iptables restart
iptables: unrecognized service

whereis iptables
iptables: /sbin/iptables /lib/iptables /usr/share/man/man8/iptables.8.gz
OK, the output of whereis says iptables is installed.

Are you trying to restart iptables as root?
Try to do this as root.


iptables -L
Does it return any output?
If all input is to be dropped then what is the point of forwarding?
Yes, I'm root.
iptables -L does return existing rules:
Chain INPUT (policy DROP)
target .........................etc.
OK, what happened is you did not save your iptables.

Do this:

service iptables save

then restart iptables: service iptables restart

Did you add all those rules I sent before?

As I said earlier, you don't need to block all ports, just block INPUT.
Can you write it again?

INPUT DROP all
OUTPUT ACCEPT all
FORWARD 110, 25, 3000 to 192.168.20.20
ASKER CERTIFIED SOLUTION
fosiul01

service iptables save
iptables: unrecognized service

Do I have to write those rules in /lib/iptables
or in root?
I did it in root, and cannot save.
I don't think the script given in comment 23020513 will work, as it only allows output for established sessions, which means that it will not be possible to establish a session in the first place. It would make more sense to set the output policy to ACCEPT and not add any entries to the OUTPUT table.
OK, if you do this:

iptables -L

do you see all the rules you added?

Try this:

/etc/init.d/iptables save
/etc/init.d/iptables restart

And also, you log on to the server as the root user, right?

Hi chris_barry, the script I sent always works perfectly for me.
Yes, root user.
iptables -L
It's still the previous rules;
it doesn't flush, I guess.

/etc/init.d/iptables save
No such file or directory
Hmm.
Did you install iptables yourself, or was it installed before?

If you do yum install iptables, what does it say? [I know your iptables is installed, but I just want to see.]

Also
locate iptables

Paste the result here please.
iptables was installed by default.
I'm using ClarkConnect 4.3 Enterprise Edition.
You typed the wrong command.

It's locate iptables

And what OS are you using?
[root@proxy ~]# locate iptables
/lib/iptables
/lib/iptables/libipt_connlimit.so
/lib/iptables/libipt_hashlimit.so
/lib/iptables/libipt_ttl.so
/lib/iptables/libipt_state.so
/lib/iptables/libipt_comment.so
/lib/iptables/libipt_ipp2p.so
/lib/iptables/libipt_MIRROR.so
/lib/iptables/libipt_pkttype.so
/lib/iptables/libipt_DSCP.so
/lib/iptables/libipt_NETMAP.so
/lib/iptables/libipt_TTL.so
/lib/iptables/libipt_tos.so
/lib/iptables/libipt_mark.so
/lib/iptables/libipt_mac.so
/lib/iptables/libipt_CONNMARK.so
/lib/iptables/libipt_limit.so
/lib/iptables/libipt_conntrack.so
/lib/iptables/libipt_dscp.so
/lib/iptables/libipt_tcp.so
/lib/iptables/libipt_ecn.so
/lib/iptables/libipt_REDIRECT.so
/lib/iptables/libipt_TOS.so
/lib/iptables/libipt_REJECT.so
/lib/iptables/libipt_SNAT.so
/lib/iptables/libipt_rpc.so
/lib/iptables/libipt_TRACE.so
/lib/iptables/libipt_multiport.so
/lib/iptables/libipt_iprange.so
/lib/iptables/libipt_length.so
/lib/iptables/libipt_addrtype.so
/lib/iptables/libipt_ECN.so
/lib/iptables/libipt_standard.so
/lib/iptables/libipt_NOTRACK.so
/lib/iptables/libipt_policy.so
/lib/iptables/libipt_unclean.so
/lib/iptables/libipt_NFQUEUE.so
/lib/iptables/libipt_udp.so
/lib/iptables/libipt_MASQUERADE.so
/lib/iptables/libipt_tcpmss.so
/lib/iptables/libipt_esp.so
/lib/iptables/libipt_ULOG.so
/lib/iptables/libipt_connmark.so
/lib/iptables/libipt_MARK.so
/lib/iptables/libipt_helper.so
/lib/iptables/libipt_physdev.so
/lib/iptables/libipt_owner.so
/lib/iptables/libipt_DNAT.so
/lib/iptables/libipt_realm.so
/lib/iptables/libipt_CLASSIFY.so
/lib/iptables/libipt_TCPMSS.so
/lib/iptables/libipt_LOG.so
/lib/iptables/libipt_icmp.so
/lib/iptables/libipt_ah.so
/lib/iptables/libipt_TARPIT.so
/lib/iptables/libipt_SAME.so
/lib/iptables/libipt_sctp.so
/lib/iptables/libipt_recent.so
/usr/share/doc/iptables-1.3.5
/usr/share/doc/iptables-1.3.5/COPYING
/usr/share/doc/iptables-1.3.5/INSTALL
/usr/share/doc/iptables-1.3.5/INCOMPATIBILITIES
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp/iptables_acc_snmp
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp/README
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp/HANDCO-SNMP-MIB.txt
/usr/share/doc/mrtg-2.10.15/contrib/iptables-accounting
/usr/share/doc/mrtg-2.10.15/contrib/iptables-accounting/iptables-accounting
/usr/share/doc/mrtg-2.10.15/contrib/iptables-accounting/README
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc/README
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc/iptables_acc
/usr/share/man/man8/iptables.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables-restore.8.gz
/sbin/iptables-restore
/sbin/iptables
/sbin/iptables-save
/sbin/iptables-bin
/var/lock/subsys/iptables

OS
CentOS release 4.4 (Final)
OK, so before /lib you don't have any lines like these, do you?

/etc/rc.d/init.d/iptables
/etc/rc.d/rc0.d/K92iptables
/etc/rc.d/rc1.d/K92iptables
/etc/rc.d/rc2.d/S08iptables
/etc/rc.d/rc3.d/S08iptables
/etc/rc.d/rc4.d/S08iptables
/etc/rc.d/rc5.d/S08iptables
/etc/rc.d/rc6.d/K92iptables
/etc/sysconfig/iptables
/etc/sysconfig/iptables-config
/etc/sysconfig/iptables.save


Sometimes, if you type locate iptables, it does not come up on screen properly, so you might miss the first section. So try this:

locate iptables | less

You need to press Enter to go down.
I just need to know whether you have those lines or not, as I mentioned.

[root@proxy ~]# locate iptables | less
/lib/iptables/libipt_unclean.so
/lib/iptables/libipt_NFQUEUE.so
/lib/iptables/libipt_udp.so
/lib/iptables/libipt_MASQUERADE.so
/lib/iptables/libipt_tcpmss.so
/lib/iptables/libipt_esp.so
/lib/iptables/libipt_ULOG.so
/lib/iptables/libipt_connmark.so
/lib/iptables/libipt_MARK.so
/lib/iptables/libipt_helper.so
/lib/iptables/libipt_physdev.so
/lib/iptables/libipt_owner.so
/lib/iptables/libipt_DNAT.so
/lib/iptables/libipt_realm.so
/lib/iptables/libipt_CLASSIFY.so
/lib/iptables/libipt_TCPMSS.so
/lib/iptables/libipt_LOG.so
/lib/iptables/libipt_icmp.so
/lib/iptables/libipt_ah.so
/lib/iptables/libipt_TARPIT.so
/lib/iptables/libipt_SAME.so
/lib/iptables/libipt_sctp.so
/lib/iptables/libipt_recent.so
/usr/share/doc/iptables-1.3.5
/usr/share/doc/iptables-1.3.5/COPYING
/usr/share/doc/iptables-1.3.5/INSTALL
/usr/share/doc/iptables-1.3.5/INCOMPATIBILITIES
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp/iptables_acc_snmp
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp/README
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc_snmp/HANDCO-SNMP-MIB.txt
/usr/share/doc/mrtg-2.10.15/contrib/iptables-accounting
/usr/share/doc/mrtg-2.10.15/contrib/iptables-accounting/iptables-accounting
/usr/share/doc/mrtg-2.10.15/contrib/iptables-accounting/README
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc/README
/usr/share/doc/mrtg-2.10.15/contrib/iptables_acc/iptables_acc
/usr/share/man/man8/iptables.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables-restore.8.gz
/sbin/iptables-restore
/sbin/iptables
/sbin/iptables-save
/sbin/iptables-bin
/var/lock/subsys/iptables
(END)
There is something wrong in your iptables setup.

Hmm,
I would have suggested you install iptables again with yum,
but your yum is not working!! It's weird!!
I am using CentOS as well.

Who set up this server?
I did, with the default installation.
Hmm, for CentOS, yum would be installed by default, but your yum is not even installed.

OK, let me check something.
Is the situation more complex than your original question implied? You referred only to addresses in the private 192.168 range, but your iptables rules refer to a public Internet address. Do you need Network Address Translation (NAT)? Are you expecting mail from the Internet to be forwarded to your local SMTP server?

Hi fosiul01,
If you are using it then I have to accept that it works, but it certainly looks to me as if it shouldn't. I normally start by flushing each table before defining new rules. Is it possible that you have some rules already defined?

A final thought. Don't forget to
echo 1 >/proc/sys/net/ipv4/ip_forward
to tell the kernel to enable forwarding.
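The rules posted earlier in the thread accept the three ports on the INPUT chain, which only admits traffic to the gateway itself; what the question asks for is forwarding to 192.168.20.20, which is a nat-table DNAT plus a FORWARD accept, and the comment above adds the two further pieces a practitioner needs: NAT and ip_forward. The script below is an added example written for this page, not code from the thread's participants. It assumes the box is the gateway with an Internet-facing interface (eth0) and a LAN interface (eth1), that 192.168.20.20 listens on the forwarded ports itself, and that the iptables 1.3.x "state" match seen in the asker's /lib/iptables listing is available. Setting IPT=echo prints the rules instead of applying them, so the rule set can be reviewed before it is loaded as root.

```sh
#!/bin/sh
# Added example (not from the thread): gateway rule set for the asker's request.
# Assumptions not stated in the question: this host is the gateway, WAN_IF/LAN_IF
# are its interfaces, and the mail server listens on the forwarded ports itself.
# Set IPT=echo to print the rules instead of applying them (dry run).

IPT="${IPT:-/sbin/iptables}"
WAN_IF="${WAN_IF:-eth0}"                 # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                 # assumed LAN interface
MAIL_HOST="${MAIL_HOST:-192.168.20.20}"  # from the question
FWD_PORTS="${FWD_PORTS:-25 110 3000}"    # SMTP, POP3, WorldClient

# Build the rule set.  Every rule goes through $IPT so the same function
# can be dry-run with IPT=echo or applied for real as root.
apply_rules() {
    # Start from an empty state in the two tables this script uses.
    $IPT -F
    $IPT -X
    $IPT -t nat -F

    # Policies as requested: nothing in or through unless allowed; out is open.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, and replies to connections the gateway itself opened.
    # Without the state rule, OUTPUT ACCEPT alone gives no usable DNS, yum, etc.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Replies belonging to forwarded connections.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    for port in $FWD_PORTS; do
        # Rewrite the destination of new connections arriving on the WAN side...
        $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$port" \
            -j DNAT --to-destination "$MAIL_HOST:$port"
        # ...and let only those rewritten packets cross FORWARD.  Matching on
        # -d MAIL_HOST after DNAT keeps the port from being opened to other LAN hosts.
        $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$MAIL_HOST" \
            --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# DNAT does nothing unless the kernel is allowed to route between interfaces.
enable_forwarding() {
    if [ "$IPT" = "echo" ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

case "${1:-}" in
    apply)   apply_rules && enable_forwarding ;;
    dry-run) IPT=echo; apply_rules; enable_forwarding ;;
esac
```

Run it as `sh fw.sh dry-run` first and read the output, then `sh fw.sh apply` as root. Two caveats: the rules are not persistent (see the discussion of saving and init scripts further down), and the mail server's own outbound SMTP from the LAN to the Internet is outside what the question asked for; it would need a LAN-to-WAN FORWARD rule plus SNAT or MASQUERADE in the nat table's POSTROUTING chain.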
Hi Chris, if you check this comment, id 23021149,

I flushed all the rules, then started to type them one by one.

But the problem is, it's taking the rules, but when he did iptables -L
those rules are not showing.
What I am seeing is that those rules are already there.


Hi ammadeyy2: when you typed iptables -L, the rules you see,
did you type those rules? I guess not.
What's up? You closed this question? Is your problem solved?
There is no /etc/init.d/iptables. This may be a good time to ask what distribution you are using.

It would be tidier to use the existing mechanism for setting iptables, if you can find it, but you could simply create a new iptables script in init.d. Since you don't need to stop or reload, it could be much simpler than the usual init.d script. You should then create a symbolic link to it in /etc/rcn.d (where n is your usual run level, normally 2 or 3, but use the runlevel command to find out) with a name like S90iptables.
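"service iptables save" only works where the Red Hat init script exists, which is what the asker's system is missing, so the comment above suggests a small init.d script of your own. The script below is an added example for this page, not the thread's own code. It stores rules in iptables-save format (the path /etc/sysconfig/iptables follows the Red Hat convention mentioned earlier and is an assumption) and, before restoring at boot, checks that the file actually carries the intended policies and the DNAT and FORWARD rules for each port, so a stale or half-edited file is refused rather than silently loaded. The host 192.168.20.20 and ports 25, 110 and 3000 come from the question; the interface names the check expects in the dump are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): minimal init-style script that saves the
# running rules and restores them at boot, refusing a file that does not contain
# the intended policies and forwards.  RULES_FILE is an assumed path.

RULES_FILE="${RULES_FILE:-/etc/sysconfig/iptables}"   # iptables-save format
MAIL_HOST="${MAIL_HOST:-192.168.20.20}"
PORTS="${PORTS:-25 110 3000}"

# Print the policy iptables-save recorded for chain $3 in table $2 of dump $1.
# Dumps look like "*filter" ... ":INPUT DROP [0:0]" ... "COMMIT".
chain_policy() {
    awk -v t="*$2" -v c=":$3" '
        $1 == t          { in_t = 1; next }
        $1 == "COMMIT"   { in_t = 0 }
        in_t && $1 == c  { print $2; exit }' "$1"
}

# Exit 0 if the dump has DROP/DROP/ACCEPT policies and, for every port given,
# both the DNAT and the matching FORWARD accept; otherwise list each problem, exit 1.
validate_dump() {
    f="$1"; shift
    rc=0
    host_re=$(printf '%s' "$MAIL_HOST" | sed 's/\./\\./g')   # literal dots for grep
    for chain in INPUT FORWARD; do
        p=$(chain_policy "$f" filter "$chain")
        [ "$p" = "DROP" ] || { echo "$chain policy is '${p:-missing}', expected DROP"; rc=1; }
    done
    p=$(chain_policy "$f" filter OUTPUT)
    [ "$p" = "ACCEPT" ] || { echo "OUTPUT policy is '${p:-missing}', expected ACCEPT"; rc=1; }
    for port in "$@"; do
        grep -q -- "^-A PREROUTING .*--dport $port -j DNAT --to-destination $host_re:$port\$" "$f" \
            || { echo "no DNAT for tcp/$port to $MAIL_HOST"; rc=1; }
        # iptables-save writes -d as 192.168.20.20 or 192.168.20.20/32 depending on version.
        grep -q -- "^-A FORWARD .*-d $host_re\(/32\)\{0,1\} .*--dport $port .*-j ACCEPT\$" "$f" \
            || { echo "no FORWARD accept for tcp/$port to $MAIL_HOST"; rc=1; }
    done
    return $rc
}

# Restore only a file that passes validation, then enable routing.
start() {
    [ -r "$RULES_FILE" ] || { echo "$RULES_FILE missing; firewall left untouched" >&2; return 1; }
    validate_dump "$RULES_FILE" $PORTS || return 1
    /sbin/iptables-restore < "$RULES_FILE" && echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Snapshot the running rules (the equivalent of "service iptables save").
save() {
    /sbin/iptables-save > "$RULES_FILE"
}

case "${1:-}" in
    start) start ;;
    save)  save ;;
    check) validate_dump "$RULES_FILE" $PORTS ;;
esac
```

Install it as /etc/init.d/iptables-local, run `save` once the live rules are right, then `check` to confirm the file, and link it as /etc/rc3.d/S90iptables (or the run level `runlevel` reports) as the comment above describes. Reading back the saved file with `iptables-save` is also the quickest way to settle the "rules are not showing" puzzle from earlier in the thread: it prints what the kernel is actually enforcing, table by table, without the name resolution and column formatting of `iptables -L`.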
Sorry, I posted the wrong link here.
It was supposed to be for another question.
Sorry.
He is using CentOS 4.
Problem not solved; opening a second question.
Hahaha, good.
Since your yum isn't installed,
first install it.
Check this tutorial:
http://maimon-it.blogspot.com/2005/06/install-yum-on-redhat-enterprise-linux.html
http://yum.baseurl.org/

When yum is installed, then install iptables again.
Your problem would be solved.
Julian Parker
fosiul01,

Please, please, please don't take this the wrong way, but when you respond to questions, can you take some time to type out a complete answer?

You are a quite capable individual who has assisted lots of people, and you always contribute well to questions, but whenever you do get involved in a thread, the multiple responses here and there before the asker has been able to respond are like being mail bombed.

I'm just asking you to take a little time and perhaps switch to decaf coffee :-)
Hahaha
Sorry, I didn't understand!! What have I done wrong here?
Actually, you've done nothing wrong; it's more your enthusiastic approach to responding to questions.
Post a comment here and I'll give you a demo (you seem to have a sense of humor, which is good :-))

https://www.experts-exchange.com/questions/23927967/multiple-responses-demo.html
You told me to have decaf! So I went out for 3 hours to a cafe. Let me be back!