Firewall question for Virtual Users/domains using postfix/courier/MySQL
I completed the howto on virtual domains/user with postfix,courier,MySQL and have been testing for a while. I then wanted to add a firewall so I followed the howto http://www.howtoforge.com/linux_iptables_sarge by themachine. I used the following lines for my iptables configuration:
# iptables -A INPUT -s 192.168.1.10 -d 10.1.15.1 -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 25 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 143 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 110 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -s 127.0.0.1 -j ACCEPT
# iptables -A INPUT -j REJECT
# iptables -A FORWARD -j REJECT
After saving this configuration, the mail stopped coming through. I was able to trace the mail logs and see that postfix was not able to connect to MySQL. I was getting errors saying:
Jan 24 18:18:58 cronos postfix/proxymap: warning: connect to mysql server 127.0.0.1: Can't connect to MySQL server on '127.0.0.1' (111)
So I ran this command:
# iptables -I INPUT 5 -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT
This fixed the problem but I am just wanted to make sure this was the correct thing to do or if there is a better way to do this. I am a n00b so I just wanted to make sure that I am not doing anything wrong that will compromise the system.
Thanks in advance for your help and thanks to all of those who work on this site. It has definitely been a great help to me.
It's ok, because it's only for connection within your server, not from the outside world. :)
|All times are GMT +2. The time now is 10:42.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.