Solved

How would I write an iptables command to allow an IP to bypass the bypass the SMTP Proxy?

Posted on 2010-08-27
4
353 Views
Last Modified: 2012-05-10
I need to allow a certain IP to bypass the SMTP proxy on our Linux server. What is the command I would type in SSH to allow this?
0
Comment
Question by:darrenl
4 Comments
 
LVL 7

Expert Comment

by:mcuk_storm
ID: 33548645
This is quite difficult to answer, not knowing how your network is setup and how you are intercepting SMTP traffic and redirecting it at the moment, but something like the following line may work:

iptables -I FORWARD -s src.ip.addr. -p tcp --dport 25 -j ACCEPT
0
 
LVL 3

Expert Comment

by:kiitii
ID: 33548886
Yeah i agree with mcuk_storm, you will have to elaborate what is your current environment?

Assumption, you have a server running linux and uses iptables as Firewall.
We do not know, whether have you setup masquerading for internet access?
It will be easier if you can paste your current iptables rules here, and you can hide your public ip address.
That will ease the experts here to assist you to achieve what you want.
 
0
 

Author Comment

by:darrenl
ID: 33549878
Hi guys, I apologize. My setup is a CentOS server. The reason I ask is we failed PCI compliance because I believe the firewall blocks a certain IP from sending messages to the SMTP server after a certain period, which in turn gives a possible buffer overflow. So if I could allow that IP to get an error messages back from SMTP instead of just being timed out it would let us pass.
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 33551396
You would have to have very fancy firewall rules to block a certain IP from sending messages to the SMTP server after a certain period . And if you did block the IP, how does the testing authority determine that would in turn give a possible buffer overflow?
There are 2 ways to "block" an IP, either -j DROP or -j REJECT. The difference is that with REJECT, the caller gets error ECONNREFUSED (or you can configure for a limited number of other errors - see man iptables ). With DROP, nothing is returned: it is as if the connection request had gone to an open-circuit cable. It is up to the caller to time-out the request.
Possibly you can fix your problem by replacing DROP with RESET in the appropriate rule therefore.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now