HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

Thread URL: http://www.howtoforge.com/forums/showthread.php?t=2234

toastmaster 25th January 2006 03:41

Firewall question for Virtual Users/domains using postfix/courier/MySQL
 
I completed the howto on virtual domains/users with postfix, courier and MySQL and have been testing it for a while. I then wanted to add a firewall, so I followed the howto http://www.howtoforge.com/linux_iptables_sarge by themachine. I used the following lines for my iptables configuration:

# iptables -A INPUT -s 192.168.1.10 -d 10.1.15.1 -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 25 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 143 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 110 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -s 127.0.0.1 -j ACCEPT
# iptables -A INPUT -j REJECT
# iptables -A FORWARD -j REJECT

After saving this configuration, the mail stopped coming through. I was able to trace the mail logs and see that postfix was not able to connect to MySQL. I was getting errors saying:

Jan 24 18:18:58 cronos postfix/proxymap[2458]: warning: connect to mysql server 127.0.0.1: Can't connect to MySQL server on '127.0.0.1' (111)

Etc.

So I ran this command:

# iptables -I INPUT 5 -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT

This fixed the problem, but I just wanted to make sure this was the correct thing to do or if there is a better way to do this. I am a n00b, so I just wanted to make sure that I am not doing anything wrong that will compromise the system.

Thanks in advance for your help and thanks to all of those who work on this site. It has definitely been a great help to me.

falko 25th January 2006 07:04

Quote:

Originally Posted by toastmaster
# iptables -I INPUT 5 -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT

This fixed the problem, but I just wanted to make sure this was the correct thing to do or if there is a better way to do this. I am a n00b, so I just wanted to make sure that I am not doing anything wrong that will compromise the system.

I guess you mean
Code:

iptables -I INPUT -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT
?
It's ok, because it's only for connections within your server, not from the outside world. :)
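As an added illustration (not code from either post, nor from HowtoForge), the Python script below replays the posted iptables commands into a first-match model of the INPUT chain and evaluates a constructed loopback connection against it. It shows why the original rules reject the Postfix-to-MySQL connection (the `-d 10.1.15.1 -s 127.0.0.1` rule never matches a 127.0.0.1 destination, so the packet falls through to the final REJECT), why inserting the loopback ACCEPT at position 5 works (it lands above the catch-all REJECT), and that the interface-based form `-I INPUT -i lo -j ACCEPT` gives the same result while tying the exception to the loopback interface rather than to one address. The MySQL port 3306 and the `lo` interface name are assumptions; the post only says Postfix could not connect to MySQL on 127.0.0.1.

```python
"""First-match model of a flat iptables INPUT chain (added example, not from the thread).

Only the matches the posted rules use (-s, -d, -p, --dport, -i, -m state --state)
and the targets ACCEPT/REJECT are modelled. MySQL port 3306 and the 'lo'
interface are assumptions made for the constructed packet.
"""
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    iface: str = "eth0"
    state: str = "NEW"      # conntrack state: NEW, ESTABLISHED or RELATED


@dataclass
class Rule:
    target: str = ""
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None
    states: Optional[Set[str]] = None

    def matches(self, p: Packet) -> bool:
        # Every criterion set on the rule must match; unset ones match anything.
        checks = [(self.src, p.src), (self.dst, p.dst), (self.proto, p.proto),
                  (self.dport, p.dport), (self.iface, p.iface)]
        return all(want is None or want == got for want, got in checks) and (
            self.states is None or p.state in self.states)


def build_chain(commands: List[str], chain: str = "INPUT") -> List[Rule]:
    """Replay 'iptables -A/-I' command lines and return the resulting chain in order."""
    rules: List[Rule] = []
    for cmd in commands:
        toks = cmd.lstrip("# ").split()      # drop the root prompt shown in the post
        if toks[0] == "iptables":
            toks = toks[1:]
        op, name, pos, rule, i = None, None, 1, Rule(), 0
        while i < len(toks):
            t = toks[i]
            if t in ("-A", "-I"):
                op, name, i = t, toks[i + 1], i + 2
                if t == "-I" and i < len(toks) and toks[i].isdigit():
                    pos, i = int(toks[i]), i + 1   # explicit 1-based insert position
            elif t == "-s":
                rule.src, i = toks[i + 1], i + 2
            elif t == "-d":
                rule.dst, i = toks[i + 1], i + 2
            elif t == "-p":
                rule.proto, i = toks[i + 1], i + 2
            elif t == "--dport":
                rule.dport, i = int(toks[i + 1]), i + 2
            elif t == "-i":
                rule.iface, i = toks[i + 1], i + 2
            elif t == "-m":
                i += 2                            # only '-m state' appears in the post
            elif t == "--state":
                rule.states, i = set(toks[i + 1].split(",")), i + 2
            elif t == "-j":
                rule.target, i = toks[i + 1], i + 2
            else:
                raise ValueError(f"unsupported option {t!r} in {cmd!r}")
        if name != chain:
            continue                              # FORWARD/OUTPUT rules are ignored here
        if op == "-A":
            rules.append(rule)
        else:                                     # -I without a number inserts at the top
            rules.insert(pos - 1, rule)
    return rules


def evaluate(rules: List[Rule], p: Packet, policy: str = "ACCEPT") -> str:
    """The first matching rule decides; the chain policy applies if none matches."""
    for r in rules:
        if r.matches(p):
            return r.target
    return policy


# The rule set exactly as posted in the thread.
ORIGINAL_RULES = [
    "# iptables -A INPUT -s 192.168.1.10 -d 10.1.15.1 -p tcp --dport 22 -j ACCEPT",
    "# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "# iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "# iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT",
    "# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 25 -j ACCEPT",
    "# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 143 -j ACCEPT",
    "# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 110 -j ACCEPT",
    "# iptables -A INPUT -d 10.1.15.1 -s 127.0.0.1 -j ACCEPT",
    "# iptables -A INPUT -j REJECT",
    "# iptables -A FORWARD -j REJECT",
]
ADDRESS_FIX = "# iptables -I INPUT 5 -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT"  # the poster's fix
INTERFACE_FIX = "# iptables -I INPUT -i lo -j ACCEPT"                      # interface-based form

# Constructed packet: Postfix's proxymap opening a NEW connection to MySQL over loopback.
MYSQL_PKT = Packet(src="127.0.0.1", dst="127.0.0.1", dport=3306, iface="lo")


def verdicts() -> dict:
    return {
        "original": evaluate(build_chain(ORIGINAL_RULES), MYSQL_PKT),
        "address_fix": evaluate(build_chain(ORIGINAL_RULES + [ADDRESS_FIX]), MYSQL_PKT),
        "interface_fix": evaluate(build_chain(ORIGINAL_RULES + [INTERFACE_FIX]), MYSQL_PKT),
    }


if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:14s} -> {v}")
```

Running it prints REJECT for the original chain and ACCEPT for both fixes. The return direction of the MySQL connection needs no extra rule in either case: the OUTPUT chain accepts everything and the `RELATED,ESTABLISHED` rule near the top of INPUT covers the replies. Real iptables has far more match types than this model, but the ordering property it demonstrates is the same, and it is the reason `-I INPUT` with no position (as in falko's reply) also works: it inserts at the top of the chain.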


All times are GMT +2.