iptables 不允许 SMTP 通过

2024-5-27 • tag-icon

我正在尝试设置 iptables 以允许 SMTP 连接，但它似乎不起作用。

以下是输出iptables -L：

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             127.0.0.0/8         reject-with icmp-port-unreachable 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:afs3-callback 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3980 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:irdmi 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:hbci 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:hbci 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:irdmi 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination

当我尝试执行时telnet host.address.com 25，它显示Connection refused。连接到其他端口（例如 80）就可以正常工作。我如何弄清楚这里发生了什么？

编辑：

尝试在机器上进行连接确实有效：

[root@machine user]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 host.address.com ESMTP Postfix

编辑2：

以下是的输出iptables-save：

# Generated by iptables-save v1.3.5 on Wed Oct 13 22:50:11 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 7001 -j ACCEPT 
-A INPUT -p udp -m multiport --dports 137,138 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 7002 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 
-A INPUT -p udp -m udp --dport 25 -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 139,445 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-port-unreachable 
-A INPUT -p udp -m udp --dport 137 -j ACCEPT 
-A INPUT -p udp -m udp --dport 138 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT 
-A FORWARD -j REJECT --reject-with icmp-port-unreachable 
-A OUTPUT -j ACCEPT 
COMMIT
# Completed on Wed Oct 13 22:50:11 2010
# Generated by iptables-save v1.3.5 on Wed Oct 13 22:50:11 2010
*raw
:PREROUTING ACCEPT [3267:2601193]
:OUTPUT ACCEPT [1984:334831]
COMMIT
# Completed on Wed Oct 13 22:50:11 2010

答案1

啊，真是个愚蠢的错误。我的文件有问题main.cf。我需要设置inet_interfaces = all。之前它只接受来自localhost。

答案1

相关内容