#1, 25th January 2006, 03:41, toastmaster (Junior Member)

Firewall question for Virtual Users/domains using postfix/courier/MySQL

I completed the howto on virtual domains/users with postfix, courier, MySQL and have been testing for a while. I then wanted to add a firewall, so I followed the howto http://www.howtoforge.com/linux_iptables_sarge by themachine. I used the following lines for my iptables configuration:

# iptables -A INPUT -s 192.168.1.10 -d 10.1.15.1 -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 25 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 143 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -p tcp --dport 110 -j ACCEPT
# iptables -A INPUT -d 10.1.15.1 -s 127.0.0.1 -j ACCEPT
# iptables -A INPUT -j REJECT
# iptables -A FORWARD -j REJECT

After saving this configuration, the mail stopped coming through. I was able to trace the mail logs and see that postfix was not able to connect to MySQL. I was getting errors saying:

Jan 24 18:18:58 cronos postfix/proxymap[2458]: warning: connect to mysql server 127.0.0.1: Can't connect to MySQL server on '127.0.0.1' (111)

Etc.

So I ran this command:

# iptables -I INPUT 5 -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT

This fixed the problem, but I just wanted to make sure this was the correct thing to do or if there is a better way to do this. I am a n00b so I just wanted to make sure that I am not doing anything wrong that will compromise the system.

Thanks in advance for your help and thanks to all of those who work on this site. It has definitely been a great help to me.
__________________
Jason Gerdes

#2, 25th January 2006, 07:04, falko (Super Moderator)

Quote:
Originally Posted by toastmaster
# iptables -I INPUT 5 -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT

This fixed the problem, but I just wanted to make sure this was the correct thing to do or if there is a better way to do this. I am a n00b so I just wanted to make sure that I am not doing anything wrong that will compromise the system.
I guess you mean
Code:
iptables -I INPUT -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT
?
It's OK, because it's only for connections within your server, not from the outside world.
__________________
Falko
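
Added example, not part of either post: a shell/awk walk of the INPUT chain from the first post in first-match order, showing why a new loopback connection to MySQL fell through to the final REJECT and that the inserted rule only accepts 127.0.0.1 to 127.0.0.1 traffic. The rules are re-typed in `iptables -S` form; port 3306 (MySQL's default), the remote host 192.168.1.50 and the `verdict` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: first-match walk of the INPUT chain for one NEW TCP packet.
# Rules are in `iptables -S` / iptables-save form, rebuilt from the first post.
# Simplified: exact-IP matching only (no CIDR), only the options used in the thread.

RULES_BEFORE='-A INPUT -s 192.168.1.10 -d 10.1.15.1 -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 10.1.15.1 -p tcp --dport 25 -j ACCEPT
-A INPUT -d 10.1.15.1 -p tcp --dport 143 -j ACCEPT
-A INPUT -d 10.1.15.1 -p tcp --dport 110 -j ACCEPT
-A INPUT -s 127.0.0.1 -d 10.1.15.1 -j ACCEPT
-A INPUT -j REJECT'

# Same chain after `iptables -I INPUT 5 -d 127.0.0.1 -s 127.0.0.1 -j ACCEPT`.
RULES_AFTER=$(printf '%s\n' "$RULES_BEFORE" |
  awk 'NR==5 {print "-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT"} {print}')

# verdict RULES SRC DST DPORT -> prints the target of the first matching rule
verdict() {
  printf '%s\n' "$1" | awk -v src="$2" -v dst="$3" -v dport="$4" '
    $1 == "-A" && $2 == "INPUT" {
      ok = 1; target = ""
      for (i = 3; i < NF; i++) {
        v = $(i + 1); sub(/\/32$/, "", v)
        if      ($i == "-s"      && v != src)   ok = 0
        else if ($i == "-d"      && v != dst)   ok = 0
        else if ($i == "-p"      && v != "tcp") ok = 0
        else if ($i == "--dport" && v != dport) ok = 0
        else if ($i == "--state" && ("," v ",") !~ /,NEW,/) ok = 0
        else if ($i == "-j") target = v
      }
      if (ok && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "POLICY" }'
}

# Constructed packets: postfix -> MySQL on loopback (3306 is MySQL's default port),
# and an outside host (made-up address) trying the same port on the public IP.
echo "before, local mysql:  $(verdict "$RULES_BEFORE" 127.0.0.1 127.0.0.1 3306)"
echo "after,  local mysql:  $(verdict "$RULES_AFTER" 127.0.0.1 127.0.0.1 3306)"
echo "after,  remote mysql: $(verdict "$RULES_AFTER" 192.168.1.50 10.1.15.1 3306)"
```

In the original chain the rule with `-s 127.0.0.1 -d 10.1.15.1` never matches a connection whose destination is 127.0.0.1, so the packet reaches `-j REJECT`, which the client sees as "connection refused" (error 111).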

All times are GMT +2.