On Mon, 2004-08-30 at 19:08, Aly Dharshi wrote:
> Hi Folks,
>
> I am new to the world of IPTables and I have rules such as:
>
> iptables -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
> iptables -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j LOG --log-prefix "IPTABLES TCP-IN" --log-level 1
>
> Where can I see these logs? I assumed that they would be in /var/log/messages, but nothing shows.
>
> Secondly, on this same box that is running this firewall I have a mail server that just sends mail out. If I try to send a message from the box to the local smtpd on the box it just sits there. These are all my rules:
>
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state ESTABLISHED -j LOG --log-prefix "IPTABLES TCP-IN" --log-level 1
> -A INPUT -d 161.184.244.187 -i eth0 -p udp -m state --state ESTABLISHED -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p udp -m state --state ESTABLISHED -j LOG --log-prefix "IPTABLES UDP-IN" --log-level 1
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A INPUT -d 161.184.244.187 -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j LOG --log-prefix "IPTABLES SSH-IN" --log-level 1
> -A OUTPUT -s 161.184.244.187 -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
> -A OUTPUT -s 161.184.244.187 -o eth0 -p tcp -m state --state NEW,ESTABLISHED -j LOG --log-prefix "IPTABLES TCP-OUT" --log-level 1
> -A OUTPUT -s 161.184.244.187 -o eth0 -p udp -m state --state NEW,ESTABLISHED -j ACCEPT
> -A OUTPUT -s 161.184.244.187 -o eth0 -p udp -m state --state NEW,ESTABLISHED -j LOG --log-prefix "IPTABLES UDP-OUT" --log-level 1
>
> What am I doing wrong? Should I have a rule to allow incoming 25 on tcp, as I have listed the full hostname in the mail settings?
>
> Cheers,
>
> Aly.
>
>
> --
> Aly Dharshi
> aly.dharshi@xxxxxxxxx

I would recommend you start by using a tool that sets your rules up for you at first, until you are clear on what the rules do.

I noticed also that you are using -d on INPUT rules; unless you have some PREROUTING chain requirement or a non-ethernet/PPP type interface, this is pointless. Also, use of the OUTPUT chain has very, very specific applications; I would be surprised if your criteria require it.

Also, for logging to work properly the LOG rule must be above what it is trying to log. Once a rule is matched/hit, packets are no longer processed within that chain.

For security-related stuff, always confirm information you are given. For iptables-related stuff, the netfilter list is the place to be.

Ted
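To make Ted's rule-order point concrete, here is an added toy simulation of first-match chain traversal. It is not code from either poster and not real netfilter; it models only that rules are tried top to bottom, that ACCEPT/DROP end traversal of the chain, and that LOG does not. The packets, the log line format and the INPUT policy are constructed for the example (the post does not show the real policy). It also walks a packet sent to the box's own smtpd over lo, which none of the posted -i eth0 rules can match, so its fate is whatever the chain policy is.

```python
"""Toy first-match walk through the INPUT chain posted above.

Added example, not code from either poster. It models just enough of
netfilter to show Ted's point: rules are tried top to bottom, ACCEPT/DROP
end traversal of the chain, LOG does not, so a LOG rule placed after an
ACCEPT rule that matches the same traffic never fires. The packets and the
chain policy are constructed here; the post does not show the real policy.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    iface: str
    proto: str
    dst: str
    dport: int
    state: str  # simplified conntrack state: "NEW" or "ESTABLISHED"


@dataclass
class Rule:
    target: str                   # "ACCEPT", "DROP" or "LOG"
    iface: Optional[str] = None   # -i
    proto: Optional[str] = None   # -p
    dst: Optional[str] = None     # -d
    dport: Optional[int] = None   # --dport
    states: Tuple[str, ...] = ()  # --state (empty tuple = any state)
    log_prefix: str = ""          # --log-prefix

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and (self.proto is None or self.proto == p.proto)
                and (self.dst is None or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport)
                and (not self.states or p.state in self.states))


TERMINATING = {"ACCEPT", "DROP", "REJECT"}


def run_chain(rules: List[Rule], policy: str, p: Packet) -> Tuple[str, List[str]]:
    """Walk one chain; return (verdict, log lines emitted on the way)."""
    logs: List[str] = []
    for r in rules:
        if not r.matches(p):
            continue
        if r.target == "LOG":
            # LOG is non-terminating: record a line and keep going.
            logs.append(f"{r.log_prefix} IN={p.iface} PROTO={p.proto} DPT={p.dport}")
            continue
        if r.target in TERMINATING:
            return r.target, logs  # chain traversal stops here
    return policy, logs            # fell off the end: chain policy decides


HOST = "161.184.244.187"


def as_posted() -> List[Rule]:
    """The TCP part of the INPUT chain exactly as ordered in the post."""
    return [
        Rule("ACCEPT", "eth0", "tcp", HOST, states=("ESTABLISHED",)),
        Rule("LOG", "eth0", "tcp", HOST, states=("ESTABLISHED",), log_prefix="IPTABLES TCP-IN"),
        Rule("ACCEPT", "eth0", "tcp", HOST, dport=22, states=("NEW",)),
        Rule("LOG", "eth0", "tcp", HOST, dport=22, states=("NEW",), log_prefix="IPTABLES SSH-IN"),
    ]


def log_first() -> List[Rule]:
    """Same rules with each LOG moved above the ACCEPT it is meant to log."""
    return [
        Rule("LOG", "eth0", "tcp", HOST, states=("ESTABLISHED",), log_prefix="IPTABLES TCP-IN"),
        Rule("ACCEPT", "eth0", "tcp", HOST, states=("ESTABLISHED",)),
        Rule("LOG", "eth0", "tcp", HOST, dport=22, states=("NEW",), log_prefix="IPTABLES SSH-IN"),
        Rule("ACCEPT", "eth0", "tcp", HOST, dport=22, states=("NEW",)),
    ]


# Constructed sample packets (not captured traffic).
SSH_NEW = Packet("eth0", "tcp", HOST, 22, "NEW")
TCP_EST = Packet("eth0", "tcp", HOST, 40000, "ESTABLISHED")
LOCAL_SMTP = Packet("lo", "tcp", "127.0.0.1", 25, "NEW")  # mail to the box's own smtpd

if __name__ == "__main__":
    for name, rules in (("as posted", as_posted()), ("LOG first", log_first())):
        for pkt in (SSH_NEW, TCP_EST, LOCAL_SMTP):
            verdict, logs = run_chain(rules, "DROP", pkt)
            print(f"{name:10} {pkt.iface}:{pkt.dport:<5} -> {verdict:6} logged={logs}")
```

With the posted order every eth0 packet hits ACCEPT first and the matching LOG rule is never reached, so nothing is logged; with LOG moved above ACCEPT, each accepted packet produces one log line and is then accepted. The lo packet matches no rule in either ordering and gets the chain policy. On a real box, `iptables -L INPUT -v -n --line-numbers` shows the order and per-rule packet counters (a LOG rule with a zero counter is the symptom), `iptables -I INPUT 1 ...` inserts at the top, and `--log-level 1` messages go to the kernel log, so `dmesg` is the first place to look before chasing syslog configuration.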