Open POP3 port and VPN

Hi,

I am Vinod. I have Red Hat Linux 9 as my firewall and mail server, and I want to open the POP3 port (110). We also have a Cisco VPN installed at our UK office, and from here we are trying to connect to the VPN server using the Cisco VPN Client installed on one of our Windows 2000 Pro client machines. If I connect through an Internet dial-up I am able to connect, but if I go through our Internet gateway, which is our firewall, I am not able to connect.

I don't know whether I need to open some port in the firewall for my VPN to work. The following is my iptables configuration:

# Generated by iptables-save v1.2.9 on Tue Jun 15 15:16:30 2004

# NOTE(review): the forum has re-wrapped this dump. Several statements share one
# line and some rules are split across two, so it cannot be fed back to
# iptables-restore as shown (one statement per line is required).
#
# mangle table: all five built-in chains have policy ACCEPT and no rules.
# The same physical line also carries the mangle COMMIT, the header of the
# nat table and the three nat chain policies (all ACCEPT).
*mangle :PREROUTING ACCEPT [7589140:3899377832] :INPUT ACCEPT [1296105:906900344] :FORWARD ACCEPT [6292332:2992176682] :OUTPUT ACCEPT [836464:135776667] :POSTROUTING ACCEPT [7126045:3127754859] COMMIT # Completed on Tue Jun 15 15:16:30 2004 # Generated by iptables-save v1.2.9 on Tue Jun 15 15:16:30 2004 *nat :PREROUTING ACCEPT [376941:25700390] :POSTROUTING ACCEPT [5165:313017] :OUTPUT ACCEPT [10977:675933]

# DNAT: TCP arriving on eth0 for 22.8.33.9 ports 80, 21 and 20 is redirected
# to 192.168.0.1. Each "--to-destination" line belongs to the rule above it.
# There is no DNAT entry for TCP 110, so POP3 connections to 22.8.33.9 are
# delivered to the firewall itself and are judged by the filter INPUT chain,
# not by FORWARD.
-A PREROUTING -d 22.8.33.9 -i eth0 -p tcp -m tcp --dport 80 -j DNAT

--to-destination 192.168.0.1

-A PREROUTING -d 22.8.33.9 -i eth0 -p tcp -m tcp --dport 21 -j DNAT

--to-destination 192.168.0.1

-A PREROUTING -d 22.8.33.9 -i eth0 -p tcp -m tcp --dport 20 -j DNAT

--to-destination 192.168.0.1

# Source NAT for everything leaving eth0. The nat COMMIT and the header
# comments of the filter table are collapsed onto this line as well.
# NOTE(review): IPsec ESP has no port numbers for NAT to rewrite, so an IPsec
# client behind this masquerade generally needs NAT traversal (UDP
# encapsulation) enabled on the VPN server — confirm with the VPN server admin.
-A POSTROUTING -o eth0 -j MASQUERADE COMMIT # Completed on Tue Jun 15 15:16:30 2004 # Generated by iptables-save v1.2.9 on Tue Jun 15 15:16:30 2004

# filter table header and chain declarations (collapsed onto one line).
# INPUT, OUTPUT and FORWARD have policy DROP; chains declared with "-" are
# user-defined and have no policy.
*filter :ICMPINBOUND - [0:0] :LINVALID - [0:0] :SMB - [0:0] :INPUT DROP [0:0] :LDROP - [0:0] :SPECIALPORTS - [0:0] :LBADFLAG - [0:0] :OUTPUT DROP [0:0] :TCPACCEPT - [0:0] :LPINGFLOOD - [0:0] :ICMPOUTBOUND - [0:0] :FORWARD DROP [0:0] :LSPECIALPORT - [0:0] :LSYNFLOOD - [0:0] :CHECKBADFLAG - [0:0] :LREJECT - [0:0]

# INPUT: traffic addressed to the firewall host itself. Rules are evaluated
# top to bottom; anything not accepted earlier ends at the final "-j LDROP".
#
# NOTE(review): the only new inbound TCP service admitted on eth0 is port 25.
# No rule matches --dport 110, so POP3 from outside is logged and dropped.
# Admitting it for a single address would need a rule shaped like the port-25
# one, placed before "-A INPUT -j LDROP" and restricted by source, e.g.
#   -A INPUT -s <ALLOWED_CLIENT_IP> -p tcp -m tcp -i eth0 --dport 110 -j TCPACCEPT
# (<ALLOWED_CLIENT_IP> is a placeholder). The OUTPUT chain must also let the
# replies leave: it currently accepts only source port 25 or 1024:65535 on eth0.
# POP3 on port 110 sends the mailbox password in clear text unless the client
# negotiates TLS; keep the source restriction or prefer POP3 over TLS (995).

# Packets conntrack classifies as INVALID are logged and dropped first.
-A INPUT -m state --state INVALID -j LINVALID

# Every TCP packet is screened for illegal flag combinations.
-A INPUT -p tcp -j CHECKBADFLAG

# Loopback is trusted; loopback-addressed traffic on any other interface is not.
-A INPUT -i lo -j ACCEPT

-A INPUT -d 127.0.0.0/255.0.0.0 -j LREJECT

# LAN sources are accepted only when they arrive on eth1; the same source range
# on any other interface is rejected (presumably an anti-spoofing measure).
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth1 -j ACCEPT

-A INPUT -s 192.168.0.0/255.255.255.0 -j LREJECT

-A INPUT -p icmp -i eth0 -j ICMPINBOUND

# UDP 33434:33523 is dropped (presumably traceroute probes — confirm).
-A INPUT -p udp -m udp --dport 33434:33523 -j LDROP

-A INPUT -i eth0 -j SMB

# ident (113) is answered with a TCP reset instead of being silently dropped.
-A INPUT -p tcp -m tcp -i eth0 --dport 113 -j REJECT --reject-with tcp-reset

# SMTP is the one service opened to eth0; TCPACCEPT rate-limits new SYNs.
-A INPUT -p tcp -m tcp -i eth0 --dport 25 -j TCPACCEPT

-A INPUT -i eth0 -j SPECIALPORTS

# Return traffic for connections the firewall already tracks.
-A INPUT -m state -i eth0 --state ESTABLISHED -j ACCEPT

-A INPUT -p tcp -m tcp -m state -i eth0 --dport 1024:65535 --state RELATED -j TCPACCEPT

-A INPUT -p udp -m udp -m state -i eth0 --dport 1024:65535 --state RELATED -j ACCEPT

# Default: log (rate-limited) and drop.
-A INPUT -j LDROP

# FORWARD: traffic routed through the firewall between eth1 (LAN,
# 192.168.0.0/24) and eth0. Anything not accepted ends at "-j LDROP".
#
# NOTE(review): from the LAN towards eth0 only TCP and UDP with a source port
# of 1024:65535, plus ICMP, are accepted. An IPsec client normally sends IKE
# from UDP source port 500 and its data as ESP (IP protocol 50, no ports);
# neither matches, so both reach LDROP. This is the likely reason the VPN
# client works over dial-up but not through this gateway — confirm by looking
# for "fp=UDP:2 a=DROP" log entries from the client. Dropped ESP leaves no log
# entry, because LDROP logs only tcp, udp, icmp and fragments.
# A narrowly scoped fix would accept, from the LAN to the VPN server only,
# UDP to ports 500 and 4500 and protocol esp, e.g.
#   -A FORWARD -s 192.168.0.0/255.255.255.0 -d <VPN_SERVER_IP> -i eth1 -o eth0 -p udp -m udp --dport 500 -j ACCEPT
# (<VPN_SERVER_IP> is a placeholder; which of these the client needs depends on
# the VPN server's NAT-traversal settings).
-A FORWARD -m state --state INVALID -j LINVALID

-A FORWARD -p tcp -j CHECKBADFLAG

# NetBIOS/SMB ports are dropped on the way out to eth0.
-A FORWARD -o eth0 -j SMB

# Replies from the DNAT target 192.168.0.1 (source ports 80, 21, 20).
-A FORWARD -p tcp -m tcp -s 192.168.0.1 -o eth0 --sport 80 -j ACCEPT

-A FORWARD -p tcp -m tcp -s 192.168.0.1 -o eth0 --sport 21 -j ACCEPT

-A FORWARD -p tcp -m tcp -s 192.168.0.1 -o eth0 --sport 20 -j ACCEPT

# LAN clients going out: TCP/UDP from unprivileged source ports and ICMP only.
# The "--sport 1024:65535 -j ACCEPT" lines belong to the rule above them.
-A FORWARD -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -i eth1 -o eth0

--sport 1024:65535 -j ACCEPT

-A FORWARD -p udp -m udp -s 192.168.0.0/255.255.255.0 -i eth1 -o eth0

--sport 1024:65535 -j ACCEPT

-A FORWARD -p icmp -s 192.168.0.0/255.255.255.0 -i eth1 -o eth0 -j ACCEPT

# Inbound from eth0: SMB ports dropped, then tracked return traffic accepted.
-A FORWARD -i eth0 -j SMB

-A FORWARD -m state -i eth0 --state ESTABLISHED -j ACCEPT

-A FORWARD -p tcp -m tcp -m state -i eth0 --dport 1024:65535 --state RELATED -j TCPACCEPT

-A FORWARD -p udp -m udp -m state -i eth0 --dport 1024:65535 --state RELATED -j ACCEPT

-A FORWARD -p icmp -m state -i eth0 --state RELATED -j ACCEPT

# New inbound connections to the DNAT target. These jump straight to ACCEPT,
# so the SYN rate limit in TCPACCEPT does not apply to them.
-A FORWARD -p tcp -m tcp -d 192.168.0.1 -i eth0 --dport 80 -j ACCEPT

-A FORWARD -p tcp -m tcp -d 192.168.0.1 -i eth0 --dport 21 -j ACCEPT

-A FORWARD -p tcp -m tcp -d 192.168.0.1 -i eth0 --dport 20 -j ACCEPT

# Default: log (rate-limited) and drop.
-A FORWARD -j LDROP

# OUTPUT: traffic generated by the firewall host itself (policy DROP).
#
# NOTE(review): on eth0 the host may send TCP only from source port 25 (on
# established connections) or from source ports 1024:65535. Replies from a
# local POP3 daemon leave with source port 110 and match neither, so they reach
# "-j LDROP" even if INPUT admits port 110. Opening POP3 therefore also needs a
# counterpart of the port-25 rule here, e.g.
#   -A OUTPUT -p tcp -m tcp -m state -o eth0 --sport 110 --state ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Anything towards the LAN on eth1 is allowed.
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth1 -j ACCEPT

-A OUTPUT -p icmp -o eth0 -j ICMPOUTBOUND

-A OUTPUT -o eth0 -j SMB

-A OUTPUT -p tcp -m tcp -o eth0 --sport 113 -j REJECT --reject-with tcp-reset

# SMTP server replies; the "-j ACCEPT" line below completes this rule.
-A OUTPUT -p tcp -m tcp -m state -o eth0 --sport 25 --state ESTABLISHED

-j ACCEPT

# Client-side traffic originated by the firewall from unprivileged ports.
-A OUTPUT -p tcp -m tcp -s 22.8.33.9 -o eth0 --sport 1024:65535 -j ACCEPT

-A OUTPUT -p udp -m udp -s 22.8.33.9 -o eth0 --sport 1024:65535 -j ACCEPT

# Default: log (rate-limited) and drop.
-A OUTPUT -j LDROP

# CHECKBADFLAG: called for every TCP packet from INPUT and FORWARD. Each rule
# names the flags to examine and then the subset that must be set; a match is a
# flag combination that does not occur in normal TCP (typical of scanners) and
# is sent to LBADFLAG (log, then drop). Packets matching none of the rules
# return to the calling chain.

# FIN+PSH+URG only.
-A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j LBADFLAG

# Every flag except PSH.
-A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j LBADFLAG

# All six flags set.
-A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LBADFLAG

# No flags at all; the "-j LBADFLAG" line below completes this rule.
-A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE

-j LBADFLAG

# SYN together with RST, and SYN together with FIN.
-A CHECKBADFLAG -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LBADFLAG

-A CHECKBADFLAG -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LBADFLAG

# ICMPINBOUND: ICMP arriving on eth0 for the firewall (jumped to from INPUT).
# Echo requests (type 8) are accepted up to 5/sec with a burst of 10; the
# "--limit-burst 10 -j ACCEPT" line completes the first rule. Echo requests
# above that rate go to LPINGFLOOD (log, then drop).
-A ICMPINBOUND -p icmp -m icmp -m limit --icmp-type 8 --limit 5/sec

--limit-burst 10 -j ACCEPT

-A ICMPINBOUND -p icmp -m icmp --icmp-type 8 -j LPINGFLOOD

# Dropped inbound: redirect (5), timestamp request/reply (13/14) and
# address-mask request/reply (17/18).
-A ICMPINBOUND -p icmp -m icmp --icmp-type 5 -j LDROP

-A ICMPINBOUND -p icmp -m icmp --icmp-type 13 -j LDROP

-A ICMPINBOUND -p icmp -m icmp --icmp-type 14 -j LDROP

-A ICMPINBOUND -p icmp -m icmp --icmp-type 17 -j LDROP

-A ICMPINBOUND -p icmp -m icmp --icmp-type 18 -j LDROP

# All other inbound ICMP types are accepted.
-A ICMPINBOUND -p icmp -j ACCEPT

# ICMPOUTBOUND: ICMP the firewall itself sends on eth0 (jumped to from OUTPUT).
# Dropped outbound: redirect (5), time exceeded (11/0 and 11/1), parameter
# problem (12), timestamp (13/14) and address mask (17/18).
# NOTE(review): suppressing time-exceeded replies presumably keeps the firewall
# from appearing as a hop in traceroute output — confirm intent.
-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 5 -j LDROP

-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 11/0 -j LDROP

-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 11/1 -j LDROP

-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 12 -j LDROP

-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 13 -j LDROP

-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 14 -j LDROP

-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 17 -j LDROP

-A ICMPOUTBOUND -p icmp -m icmp --icmp-type 18 -j LDROP

# All other outbound ICMP types are accepted.
-A ICMPOUTBOUND -p icmp -j ACCEPT

# Logging chains. Each one writes a kernel log entry, limited to 2/sec with a
# burst of 10, and then drops or rejects the packet. The "--log-prefix" line
# after each LOG rule belongs to that rule. The prefix ("fp=<reason> a=<action>")
# is what to search for in the kernel log when working out why a connection
# fails. Because of the rate limit, not every dropped packet is logged.

# LBADFLAG: illegal TCP flag combinations found by CHECKBADFLAG.
-A LBADFLAG -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=BADFLAG:1 a=DROP "

-A LBADFLAG -j DROP

# LDROP: the default sink of INPUT, FORWARD and OUTPUT. LOG rules exist only
# for tcp, udp, icmp and fragments (-f); packets of any other protocol are
# dropped by the last rule without a log entry.
-A LDROP -p tcp -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=TCP:1 a=DROP "

-A LDROP -p udp -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=UDP:2 a=DROP "

-A LDROP -p icmp -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=ICMP:3 a=DROP "

-A LDROP -m limit -f --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=FRAGMENT:4 a=DROP "

-A LDROP -j DROP

# LINVALID: packets in conntrack state INVALID.
-A LINVALID -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=INVALID:1 a=DROP "

-A LINVALID -j DROP

# LPINGFLOOD: echo requests above the ICMPINBOUND rate limit.
-A LPINGFLOOD -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=PINGFLOOD:1 a=DROP "

-A LPINGFLOOD -j DROP

# LREJECT: same logging layout as LDROP, but the sender is told: TCP gets a
# reset, everything else an ICMP port-unreachable.
-A LREJECT -p tcp -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=TCP:1 a=REJECT "

-A LREJECT -p udp -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=UDP:2 a=REJECT "

-A LREJECT -p icmp -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=ICMP:3 a=REJECT "

-A LREJECT -m limit -f --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=FRAGMENT:4 a=REJECT "

-A LREJECT -p tcp -j REJECT --reject-with tcp-reset

-A LREJECT -p udp -j REJECT --reject-with icmp-port-unreachable

-A LREJECT -j REJECT --reject-with icmp-port-unreachable

# LSPECIALPORT: destination ports listed in SPECIALPORTS.
-A LSPECIALPORT -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=SPECIALPORT:1 a=DROP "

-A LSPECIALPORT -j DROP

# LSYNFLOOD: new TCP SYNs above the TCPACCEPT rate limit.
-A LSYNFLOOD -m limit --limit 2/sec --limit-burst 10 -j LOG

--log-prefix "fp=SYNFLOOD:1 a=DROP "

-A LSYNFLOOD -j DROP

# SMB: NetBIOS/SMB ports 137, 138, 139 and 445, TCP and UDP. The chain is
# applied to eth0 traffic from INPUT, OUTPUT and FORWARD (both directions), so
# Windows file-sharing traffic never crosses the external interface.
# These rules jump straight to DROP, so matches leave no log entry.

# Matched by destination port.
-A SMB -p tcp -m tcp --dport 137 -j DROP

-A SMB -p tcp -m tcp --dport 138 -j DROP

-A SMB -p tcp -m tcp --dport 139 -j DROP

-A SMB -p tcp -m tcp --dport 445 -j DROP

-A SMB -p udp -m udp --dport 137 -j DROP

-A SMB -p udp -m udp --dport 138 -j DROP

-A SMB -p udp -m udp --dport 139 -j DROP

-A SMB -p udp -m udp --dport 445 -j DROP

# Matched by source port.
-A SMB -p tcp -m tcp --sport 137 -j DROP

-A SMB -p tcp -m tcp --sport 138 -j DROP

-A SMB -p tcp -m tcp --sport 139 -j DROP

-A SMB -p tcp -m tcp --sport 445 -j DROP

-A SMB -p udp -m udp --sport 137 -j DROP

-A SMB -p udp -m udp --sport 138 -j DROP

-A SMB -p udp -m udp --sport 139 -j DROP

-A SMB -p udp -m udp --sport 445 -j DROP

# SPECIALPORTS: destination ports that are always logged and dropped
# (via LSPECIALPORT) for traffic arriving on eth0 at the firewall. The chain is
# called from INPUT only, before the ESTABLISHED/RELATED accept rules.
# NOTE(review): most of these look like ports historically associated with
# remote-access trojans, and 6000:6063 is the X11 display range — confirm
# against the documentation of the tool that generated this ruleset.
-A SPECIALPORTS -p tcp -m tcp --dport 6670 -j LSPECIALPORT

-A SPECIALPORTS -p tcp -m tcp --dport 1243 -j LSPECIALPORT

-A SPECIALPORTS -p udp -m udp --dport 1243 -j LSPECIALPORT

-A SPECIALPORTS -p tcp -m tcp --dport 27374 -j LSPECIALPORT

-A SPECIALPORTS -p udp -m udp --dport 27374 -j LSPECIALPORT

-A SPECIALPORTS -p tcp -m tcp --dport 6711:6713 -j LSPECIALPORT

-A SPECIALPORTS -p tcp -m tcp --dport 12345:12346 -j LSPECIALPORT

-A SPECIALPORTS -p tcp -m tcp --dport 20034 -j LSPECIALPORT

-A SPECIALPORTS -p udp -m udp --dport 31337:31338 -j LSPECIALPORT

-A SPECIALPORTS -p tcp -m tcp --dport 6000:6063 -j LSPECIALPORT

-A SPECIALPORTS -p udp -m udp --dport 28431 -j LSPECIALPORT

# TCPACCEPT: accept TCP with a ceiling on new connections. A packet with SYN
# set and RST/ACK clear (a connection attempt) is accepted at up to 5/sec with
# a burst of 10; the "5/sec --limit-burst 10 -j ACCEPT" line completes the
# first rule. Connection attempts above that rate go to LSYNFLOOD (log, drop).
# NOTE(review): the limit match keeps one counter per rule, not per source
# address, so the budget is shared by every client of every service that jumps
# here; a single busy source can cause legitimate connections to be dropped.
-A TCPACCEPT -p tcp -m tcp -m limit --tcp-flags SYN,RST,ACK SYN --limit

5/sec --limit-burst 10 -j ACCEPT

-A TCPACCEPT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LSYNFLOOD

# Everything that is not a bare SYN is accepted. The filter table's COMMIT is
# collapsed onto the end of this line.
-A TCPACCEPT -p tcp -m tcp ! --tcp-flags SYN,RST,ACK SYN -j ACCEPT COMMIT

I want to know how to open the POP3 port for outside access and for a particular IP address, and which port should be open for my VPN to work, and how to

Someone please help me with this issue; it is very urgent.

Thanks in advance

Regards

Vinod
