Question here regarding iptables.
I have ports 465 and 587 open in the OUTPUT chain for my iptables. However, trying to do a telnet smtp.gmail.com 465 or telnet smtp.gmail.com 587 from my Fedora Core 10 server, no luck, times out.
Yet, when I try the same telnet sequence without iptables running, I'm connected instantly.
Anyway, thanks if anyone is able to help. The 1.2.3.4 is my static home IP to get to the server (changed of course).

Chain INPUT (policy ACCEPT 1375 packets, 161K bytes)
pkts bytes target prot opt in out source destination
210 17483 ACCEPT all -- any any 1.2.3.4 anywhere state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere serverA.myserver.com tcp dpt:smtps
0 0 ACCEPT tcp -- any any 1.2.3.4 serverA.myserver.com tcp dpt:mysql
0 0 ACCEPT tcp -- any any 1.2.3.4 serverA.myserver.com tcp dpt:ndmp
0 0 ACCEPT tcp -- any any localhost.localdomain anywhere tcp dpt:mysql
0 0 ACCEPT udp -- any any localhost.localdomain anywhere udp dpt:mysql
29 3442 ACCEPT all -- any any hostingco.ipsubnet/24 serverA.myserver.com
36 2052 ACCEPT tcp -- any any anywhere serverA.myserver.com tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere serverA.myserver.com tcp dpt:https
0 0 ACCEPT icmp -- any any anywhere serverA.myserver.com
152 7920 REJECT all -- any any anywhere serverA.myserver.com reject-with icmp-port-unreachable
0 0 ACCEPT tcp -- any any 1.2.3.4 anywhere tcp dpt:mysql state NEW,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4 packets, 392 bytes)
pkts bytes target prot opt in out source destination
29 2490 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:domain
2 120 ACCEPT tcp -- any any anywhere anywhere tcp dpt:smtp
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:pop3
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:smtps
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:submission
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ftp-data
320 33300 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:telnet
0 0 ACCEPT tcp -- any eth0 anywhere anywhere tcp spt:smtps dpt:smtps
Best Answer
Can it be that you accept outgoing packets:
but your input policy is DROP and you don't accept packets that are responses to your queries? Make sure your input chain contains [for performance benefits - as first instruction]:
?
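
A way to check a listing for the situation this answer describes, added here as an example and not part of the original question or answer: the function reads `iptables -L -v` output and reports whether INPUT accepts reply traffic from any source before a catch-all REJECT/DROP (or a non-ACCEPT policy) is reached. The function names and the ok/blocked verdicts are assumptions of this example, and the sample is trimmed from the listing in the question.

```shell
# Added example (not from the original post). Assumes `iptables -L -v` column layout:
# pkts bytes target prot opt in out source destination [match options]
check_input_replies() {
  awk '
    function is_any(a) { return a == "anywhere" || a == "0.0.0.0/0" }
    $1 == "Chain" {
      in_input = ($2 == "INPUT")
      if (in_input) { policy = $4; sub(/\)$/, "", policy) }
      next
    }
    !in_input || $1 == "pkts" || NF < 9 || verdict != "" { next }
    {
      extra = ""
      for (i = 10; i <= NF; i++) extra = extra " " $i
      if ($3 == "ACCEPT" && $4 == "all" && is_any($8) && extra ~ /ESTABLISHED/) {
        verdict = "ok"        # state-based ACCEPT not tied to one source lets replies in
      } else if (($3 == "REJECT" || $3 == "DROP") && $4 == "all" && is_any($8)) {
        verdict = "blocked"   # catch-all reached first, replies never get through
      }
    }
    END {
      # No deciding rule found: the chain policy decides.
      if (verdict == "") verdict = (policy == "ACCEPT" ? "ok" : "blocked")
      print verdict
      exit (verdict == "ok" ? 0 : 1)
    }'
}

# Constructed sample: INPUT rules trimmed from the listing in the question.
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy ACCEPT 1375 packets, 161K bytes)
 pkts bytes target prot opt in out source destination
  210 17483 ACCEPT all -- any any 1.2.3.4 anywhere state NEW,RELATED,ESTABLISHED
   36  2052 ACCEPT tcp -- any any anywhere serverA.myserver.com tcp dpt:http
  152  7920 REJECT all -- any any anywhere serverA.myserver.com reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 4 packets, 392 bytes)
 pkts bytes target prot opt in out source destination
  320 33300 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
EOF
}

sample_listing | check_input_replies || true   # prints: blocked
```

On a live host the same function can be fed with `iptables -L -v | check_input_replies`; the check is a simplification that ignores interface and destination matches.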