Troubleshooting Linux Firewalls

Allowing SMTP to/from Your Firewalls

In this configuration, our firewall (Host-A) is running a local MTA (Mail Transfer Agent). This MTA is responsible for sending and/or receiving e-mail. It is assumed that you have correctly configured your MTA and that it functions when the firewall rules are not loaded. The following example rules apply to both a host-based firewall and a network-protecting firewall that also runs an MTA: they allow the SMTP service on the firewall host itself, not SMTP traffic forwarded through it.

Receiving SMTP traffic on Host-A:

$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT

This rule would allow inbound SMTP connections on all interfaces. If you wanted to limit this to a specific interface, for example a firewall that accepts mail only from an internal network, we would specify the interface with the following:

# where eth1 is the internal interface
$IPTABLES -A INPUT -i eth1 -p tcp --dport 25 -j ACCEPT

For allowing outbound SMTP traffic from the firewall, we would use a connection tracking rule as follows. Note that the local MTA connects to port 25 on the remote host, so the OUTPUT rule matches on the destination port, not the source port:

$IPTABLES -A OUTPUT -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

One caveat: connection tracking does not make a rule bidirectional by itself. If your INPUT chain has a default policy of DROP, the replies from the remote MTA must also be accepted, typically with a generic rule such as $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT. Likewise, the inbound rules above only let the connection in; if your OUTPUT chain has a default policy of DROP, the local MTA's replies (source port 25) need a matching OUTPUT rule. A quick check is to attempt a connection in each direction with the rules loaded and confirm, from the counters in iptables -L -v -n, that the expected rules are being hit.
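The rules above, collected into one script that covers both directions of both cases (mail arriving at the local MTA and the local MTA delivering outbound). This is an added example and not from the original page; it assumes an IPTABLES variable that defaults to "echo iptables" so the rules are printed rather than loaded, and an optional interface argument for the internal-only variant. Set IPTABLES=/sbin/iptables and run as root to apply the rules for real.

```shell
#!/bin/sh
# Added example (not from the original page): SMTP rules for a firewall host
# that runs its own MTA. IPTABLES defaults to a dry run that prints the rules;
# export IPTABLES=/sbin/iptables and run as root to load them (assumption).
IPTABLES="${IPTABLES:-echo iptables}"

# smtp_rules [interface]
# Emits the four rules needed for SMTP to and from the firewall itself.
# With an interface argument (e.g. eth1), inbound mail is accepted only on
# that interface; outbound delivery is still allowed on any interface.
smtp_rules() {
    iface_opt=""
    if [ -n "$1" ]; then
        iface_opt="-i $1"
    fi

    # Inbound: remote clients connecting to the local MTA.
    $IPTABLES -A INPUT $iface_opt -p tcp --dport 25 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Replies from the local MTA back to those clients; required when the
    # OUTPUT chain policy is DROP, since connection tracking is not
    # bidirectional by itself.
    $IPTABLES -A OUTPUT -p tcp --sport 25 \
        -m state --state ESTABLISHED -j ACCEPT

    # Outbound: the local MTA connecting to port 25 on remote hosts.
    $IPTABLES -A OUTPUT -p tcp --dport 25 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Replies from the remote MTA; required when the INPUT chain policy is
    # DROP and there is no generic ESTABLISHED,RELATED rule in INPUT.
    $IPTABLES -A INPUT -p tcp --sport 25 \
        -m state --state ESTABLISHED -j ACCEPT
}

# smtp_rule_count [interface]: number of rules the function emits in dry-run
# mode, handy for checking the ruleset before loading it.
smtp_rule_count() {
    smtp_rules "$1" | wc -l | tr -d ' '
}

# Print the internal-only variant when run directly.
if [ -z "${SMTP_RULES_NO_MAIN:-}" ]; then
    smtp_rules eth1
fi
```

Run it as-is to review the rules; pipe the output to sh with IPTABLES set to the real binary to load them. On current kernels the equivalent match is -m conntrack --ctstate with the same state names; -m state is kept here because that is the form the page uses.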
