Solved

How would I write an iptables command to allow an IP to bypass the bypass the SMTP Proxy?

Posted on 2010-08-27
4
363 Views
Last Modified: 2012-05-10
I need to allow a certain IP to bypass the SMTP proxy on our Linux server. What is the command I would type in SSH to allow this?
0
Comment
Question by:darrenl
4 Comments
 
LVL 7

Expert Comment

by:mcuk_storm
ID: 33548645
This is quite difficult to answer, not knowing how your network is setup and how you are intercepting SMTP traffic and redirecting it at the moment, but something like the following line may work:

iptables -I FORWARD -s src.ip.addr. -p tcp --dport 25 -j ACCEPT
0
 
LVL 3

Expert Comment

by:kiitii
ID: 33548886
Yeah i agree with mcuk_storm, you will have to elaborate what is your current environment?

Assumption, you have a server running linux and uses iptables as Firewall.
We do not know, whether have you setup masquerading for internet access?
It will be easier if you can paste your current iptables rules here, and you can hide your public ip address.
That will ease the experts here to assist you to achieve what you want.
 
0
 

Author Comment

by:darrenl
ID: 33549878
Hi guys, I apologize. My setup is a CentOS server. The reason I ask is we failed PCI compliance because I believe the firewall blocks a certain IP from sending messages to the SMTP server after a certain period, which in turn gives a possible buffer overflow. So if I could allow that IP to get an error messages back from SMTP instead of just being timed out it would let us pass.
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 33551396
You would have to have very fancy firewall rules to block a certain IP from sending messages to the SMTP server after a certain period . And if you did block the IP, how does the testing authority determine that would in turn give a possible buffer overflow?
There are 2 ways to "block" an IP, either -j DROP or -j REJECT. The difference is that with REJECT, the caller gets error ECONNREFUSED (or you can configure for a limited number of other errors - see man iptables ). With DROP, nothing is returned: it is as if the connection request had gone to an open-circuit cable. It is up to the caller to time-out the request.
Possibly you can fix your problem by replacing DROP with RESET in the appropriate rule therefore.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question