[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How would I write an iptables command to allow an IP to bypass the bypass the SMTP Proxy?

Posted on 2010-08-27
4
Medium Priority
?
378 Views
Last Modified: 2012-05-10
I need to allow a certain IP to bypass the SMTP proxy on our Linux server. What is the command I would type in SSH to allow this?
0
Comment
Question by:darrenl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 7

Expert Comment

by:mcuk_storm
ID: 33548645
This is quite difficult to answer, not knowing how your network is setup and how you are intercepting SMTP traffic and redirecting it at the moment, but something like the following line may work:

iptables -I FORWARD -s src.ip.addr. -p tcp --dport 25 -j ACCEPT
0
 
LVL 3

Expert Comment

by:kiitii
ID: 33548886
Yeah i agree with mcuk_storm, you will have to elaborate what is your current environment?

Assumption, you have a server running linux and uses iptables as Firewall.
We do not know, whether have you setup masquerading for internet access?
It will be easier if you can paste your current iptables rules here, and you can hide your public ip address.
That will ease the experts here to assist you to achieve what you want.
 
0
 

Author Comment

by:darrenl
ID: 33549878
Hi guys, I apologize. My setup is a CentOS server. The reason I ask is we failed PCI compliance because I believe the firewall blocks a certain IP from sending messages to the SMTP server after a certain period, which in turn gives a possible buffer overflow. So if I could allow that IP to get an error messages back from SMTP instead of just being timed out it would let us pass.
0
 
LVL 35

Accepted Solution

by:
Duncan Roe earned 2000 total points
ID: 33551396
You would have to have very fancy firewall rules to block a certain IP from sending messages to the SMTP server after a certain period . And if you did block the IP, how does the testing authority determine that would in turn give a possible buffer overflow?
There are 2 ways to "block" an IP, either -j DROP or -j REJECT. The difference is that with REJECT, the caller gets error ECONNREFUSED (or you can configure for a limited number of other errors - see man iptables ). With DROP, nothing is returned: it is as if the connection request had gone to an open-circuit cable. It is up to the caller to time-out the request.
Possibly you can fix your problem by replacing DROP with RESET in the appropriate rule therefore.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month14 days, 10 hours left to enroll

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question