Linux iptables not working

iptableslinuxsmtpUbuntu

I updated my iptables in Ubuntu 10.04, but it doesn't seem to be having any affect on the opened ports.

When I run iptables --list, the following line shows up

Chain INPUT (policy DROP)
target   prot opt source              destination
ACCEPT   all  --  anywhere            anywhere         tcp dpt:smtp

However, when I try to do a port scan to see if port 25 is open, it responds as closed. Could there be something further upstream that is blocking the port? Or do I need to do something to 'restart' the firewall after modifying the IP tables?

Linux Noob here if it doesn't quite come through …

Best Answer

If netstat -tapnl | grep 25 doesn't return something like 0:0:0:0:25 (or the paticular IP you query) it means nothing is listening on that port and IPTables is not the problem -- or at least not the only problem.

Related Solutions

Linux – iptables port forward forwarding

You're sending the traffic to 10.52.208.221. Given the config you posted, your problem is the webserver, not the firewall. Your rules look to be correct. FORWARD and INPUT are redirected to RH-Firewall-1-INPUT where your first rule is to allow all traffic. As somebody else pointed out, you could be allowing all traffic on eth1, while the world is actually coming in eth0. Secondary, you have to NAT the traffic as it goes back out to the world

iptables --table nat --append POSTROUTING --proto tcp --dport 80 --jump MASQUERADE -o OUT_INTERFACE

Your traffic originating from the router will never hit the input or forward chains, but instead traverse the output chain on to the webserver. Other systems in that subnet will similarly go directly to the webserver. Systems out on the world at large however will traverse the INPUT / FORWARD chains and need SNAT as well as DNAT so that it appears to the world to be one machine. You still cannot test from within your network. you must test from the opposite interface from the webserver. Get me your IP addresses and I'll point you to the proper configs.

Linux – Allow traffic on one port from one IP address with iptables

Looks like I was using the wrong IP address. My hosting provider identified the true IP of the server upon which my VPS was residing. I entered that, and everything worked like magic!

Best Answer

Related Solutions

Linux – iptables port forward forwarding

Linux – Allow traffic on one port from one IP address with iptables

Related Topic