Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th June 2009, 16:44
davew davew is offline
Junior Member
 
Join Date: May 2009
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default Adding rules to IPTables/Postfix ports

I need to accept smtp traffic on additional ports to 25 because some of my clients have ISPs that block port 25 traffic to anything other than their ISPs mail servers.

A while ago I implemented this with a quick workaround using IPTables where I added the rule...
-A PREROUTING -p tcp -m tcp --dport 587 -j REDIRECT --to-ports 25

to /etc/sysconfig/iptables

When I turn the firewall on in ISPConfig 3, the bastille script (I assume) rewrites iptables and discards my redirect.

Is there an easy way to add my rerouting rule so it "sticks" or any other way of allowing postfix to listen on more than one port ? I assume I need to use /usr/local/ispconfig/server/conf-custom/ for the former ?

Am I correct in thinking that this prerouting rule also allows fail2ban (on port 25) to work correctly for this new port ?
Reply With Quote
Sponsored Links
  #2  
Old 11th June 2009, 18:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,395
Thanks: 833
Thanked 5,490 Times in 4,322 Posts
Default

There is no way implemented to add any custom rules. It might get added in later versions.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 11th June 2009, 20:26
davew davew is offline
Junior Member
 
Join Date: May 2009
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Default

OK, thanks. I'll change the postfix config to get it to listen on both ports then.
Reply With Quote
  #4  
Old 2nd September 2009, 07:37
rbartz rbartz is offline
Member
 
Join Date: Apr 2006
Posts: 80
Thanks: 9
Thanked 6 Times in 5 Posts
 
Default

Quote:
Originally Posted by till View Post
There is no way implemented to add any custom rules. It might get added in later versions.
Actually, there may be an easy way, at least on Fedora Linux most or all Cores and maybe in all Linux distros using Bastille.

In /etc/Bastille you should have or can create a directory named firewall.d. In that directory, you can add a file that is run on server reboot, thus restoring your "special" rules such as blocking a Nigerian ISP that has some nasty fellows who are constantly probing your server....
======================
cd /etc/Bastille
mkdir firewall.d
vi post-rule-setup.sh

INSERT the iptables COMMANDS you need, for example

iptables -I INPUT -m iprange --src-range 82.128.0.0-82.128.127.255 -j DROP
iptables -I OUTPUT -m iprange --dst-range 82.128.0.0-82.128.127.255 -j DROP
=======================

Save the file, then when iptables starts at boot it loads these rules.

I have found this to be an effective way to permanently deal with a lot of the server brute-force-attacks originating again and again in some countries, and to forever block someone who used cracked SMTP logins to spam.

Any iptables rules in the file are run, but be sure that the rules are valid and tested from the command line so that you don't break iptables on boot.

Richard
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Spamsnake - Problem with spamassassin, FuzzyOcr and MySQL debuguser HOWTO-Related Questions 6 16th September 2008 18:37
Virtual Users with Postfix/Courier/Amavis etc...Quarantine? volksman HOWTO-Related Questions 9 30th January 2008 11:53
Strato Server - Restoring with SystemImager popper2001 HOWTO-Related Questions 5 28th July 2007 10:18
ISPconfig, blocked ports (pop/smtp), Authentication/SSL orasis Installation/Configuration 13 19th March 2007 13:29
Creating image with Systemimager cuongtim HOWTO-Related Questions 3 18th November 2006 13:55


All times are GMT +2. The time now is 22:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.