Solved

How would I write an iptables command to allow an IP to bypass the SMTP Proxy?

Posted on 2010-08-27
4
366 Views
Last Modified: 2012-05-10
I need to allow a certain IP to bypass the SMTP proxy on our Linux server. What is the command I would type in SSH to allow this?
0
Question by:darrenl
4 Comments
 
LVL 7

Expert Comment

by:mcuk_storm
ID: 33548645
This is quite difficult to answer, not knowing how your network is setup and how you are intercepting SMTP traffic and redirecting it at the moment, but something like the following line may work:

iptables -I FORWARD -s src.ip.addr -p tcp --dport 25 -j ACCEPT
0
 
LVL 3

Expert Comment

by:kiitii
ID: 33548886
Yeah, I agree with mcuk_storm; you will have to elaborate on what your current environment is.

Assumption: you have a server running Linux that uses iptables as a firewall.
We do not know whether you have set up masquerading for internet access.
It will be easier if you can paste your current iptables rules here, and you can hide your public IP address.
That will make it easier for the experts here to assist you in achieving what you want.
 
0
 

Author Comment

by:darrenl
ID: 33549878
Hi guys, I apologize. My setup is a CentOS server. The reason I ask is we failed PCI compliance because I believe the firewall blocks a certain IP from sending messages to the SMTP server after a certain period, which in turn gives a possible buffer overflow. So if I could allow that IP to get an error message back from SMTP instead of just being timed out, it would let us pass.
0
 
LVL 34

Accepted Solution

by:
Duncan Roe earned 500 total points
ID: 33551396
You would have to have very fancy firewall rules to block a certain IP from sending messages to the SMTP server after a certain period. And if you did block the IP, how does the testing authority determine that that would in turn give a possible buffer overflow?
There are 2 ways to "block" an IP, either -j DROP or -j REJECT. The difference is that with REJECT, the caller gets error ECONNREFUSED (or you can configure for a limited number of other errors - see man iptables). With DROP, nothing is returned: it is as if the connection request had gone to an open-circuit cable. It is up to the caller to time out the request.
Possibly you can fix your problem by replacing DROP with RESET in the appropriate rule, therefore.
0
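As an added example (not code from the thread or from any of its posters), the following POSIX shell script generates the two kinds of rule the discussion turns on: an ACCEPT exemption so one trusted address skips the SMTP proxy, and the filter rule that decides whether a blocked client times out (DROP) or gets an immediate error (REJECT). It assumes the proxy is a transparent redirect, i.e. a nat PREROUTING rule sending port 25 to a local proxy port (8025 here; the port, the address 192.0.2.10 and the DRY_RUN switch are all assumptions of this example). The "connection refused" behaviour the accepted answer describes is produced by the iptables REJECT target; --reject-with tcp-reset makes the client see a TCP RST rather than the default ICMP port-unreachable. The exemption rules are inserted at position 1 because iptables evaluates chains top-down: appended after the catch-all REDIRECT or REJECT rule they would never match.

```shell
#!/bin/sh
# Added example, not part of the original thread. Builds iptables rules that
# let one trusted IPv4 address bypass a transparent SMTP proxy, and shows the
# DROP-versus-REJECT choice for a blocking rule.
# Assumptions: the proxy is hooked in with
#   iptables -t nat -A PREROUTING -p tcp --dport 25 -j REDIRECT --to-ports 8025
# DRY_RUN=1 (the default) prints the rules; DRY_RUN=0 applies them as root.

DRY_RUN="${DRY_RUN:-1}"

# Accept only a dotted-quad IPv4 address with each octet in 0-255. Anything
# else (hostnames, CIDR, shell metacharacters) is rejected before it can reach
# an iptables command line.
valid_ipv4() {
  addr=$1
  printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  set -- $addr
  IFS=$old_ifs
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Print the rules that exempt $1 from the proxy. Position 1 (-I ... 1) puts
# them ahead of the existing REDIRECT in nat/PREROUTING and ahead of any
# DROP/REJECT in filter/INPUT, so they are evaluated first.
bypass_rules() {
  valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
  cat <<EOF
iptables -t nat -I PREROUTING 1 -s $1 -p tcp --dport 25 -j ACCEPT
iptables -I INPUT 1 -s $1 -p tcp --dport 25 -j ACCEPT
EOF
}

# Print a blocking rule for $1 in one of two styles:
#   drop   - packets vanish; the client has to time out (what the poster saw)
#   reject - the client gets a TCP RST at once and reports "connection refused"
block_rule() {
  valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 1; }
  case "$2" in
    drop)   echo "iptables -A INPUT -s $1 -p tcp --dport 25 -j DROP" ;;
    reject) echo "iptables -A INPUT -s $1 -p tcp --dport 25 -j REJECT --reject-with tcp-reset" ;;
    *)      echo "mode must be drop or reject" >&2; return 1 ;;
  esac
}

# Either show the bypass rules or feed them to a shell that stops on the first
# failing iptables command (sh -e), so a partial ruleset is not left behind.
apply_bypass() {
  if [ "$DRY_RUN" = 1 ]; then
    bypass_rules "$1"
  else
    bypass_rules "$1" | sh -e
  fi
}

# Usage: DRY_RUN=1 sh bypass.sh 192.0.2.10   (192.0.2.10 is a constructed sample)
if [ $# -gt 0 ]; then
  apply_bypass "$1"
fi
```

Run with DRY_RUN=1 first and compare the printed lines against `iptables -t nat -L PREROUTING -n --line-numbers` to confirm the exemption really lands above the REDIRECT; the same ordering check applies to the INPUT chain before switching a DROP rule to REJECT.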
