[TCLUG] firewalling around sendmail

Wed Mar 14 09:39:53 CST 2001

I've got a sendmail server that I've given heavy firewalling through
IPchains.  Apparently it was too heavy, because now sendmail won't work at
all.  I've got:

ipchains -A input -i eth0 -p tcp -s any/0 80 -j ACCEPT
ipchains -A input -i eth0 -p tcp -s any/0 25 -j ACCEPT
ipchains -A input -i eth0 -p tcp -s any/0 110 -j ACCEPT
ipchains -A input -i eth0 -p tcp -s any/0 6667 -j ACCEPT

and sendmail was firewalled out.  After consulting the book "linux
firewalls", I was reminded that e-mail uses some ports > 1023 (at least
Groupwise does, so it made sense) so now I've got:

ipchains -A output -i eth0 -p tcp -s 12.27.41.52 1024:65535 -d any/0 25 -j ACCEPT
ipchains -A output -i eth0 -p tcp ! -y -s 12.27.41.52 25 -d any/0 1024:65535 -j ACCEPT
ipchains -A input -i eth0 -p tcp -s any/0 1024:65535 -d 12.27.41.52 25 -j ACCEPT
ipchains -A input -i eth0 -p tcp ! -y -s any/0 25 -d 12.27.41.52 1024:65535 -j ACCEPT

and it's still firewalled out.  Any ideas?  Sendmail works 100% when I
ipchains -F.

-Brian