我正在尝试添加 iptables 规则以允许端口 465 和 587 上的流量到 google apps smtp 服务器。但我运气不佳。当我关闭 iptables 时,我的 WHMCS 安装可以与 google apps 很好地配合使用,但 iptables 再次自行打开并且电子邮件停止工作。请添加规则以允许来自端口 465 和 587 的流量。
以下是我从 /etc/sysconfig/iptables 中抓取的 IPTables 规则
# Generated by iptables-save v1.3.5 on Fri Oct 5 01:33:52 2012
*filter
:INPUT ACCEPT [2191:434537]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2390:987151]
:acctboth - [0:0]
-A INPUT -j acctboth
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j ACCEPT
-A OUTPUT -d 127.0.0.1 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -j acctboth
-A OUTPUT -o eth0 -p tcp -m tcp --sport 587 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 465 -m state --state ESTABLISHED -j ACCEPT
<<IN THIS SPACE RULES ARE RELATED TO SPECIFIC IPS ONLY>>
-A acctboth -i ! lo
COMMIT
# Completed on Fri Oct 5 01:33:52 2012
# Generated by iptables-save v1.3.5 on Fri Oct 5 01:33:52 2012
*nat
:PREROUTING ACCEPT [196:12398]
:POSTROUTING ACCEPT [191:15070]
:OUTPUT ACCEPT [190:15010]
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mailman -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --gid-owner mail -j RETURN
-A OUTPUT -d 127.0.0.1 -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner cpanel -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -m owner --uid-owner root -j RETURN
-A OUTPUT -p tcp -m multiport --dports 25,465,587 -j REDIRECT
COMMIT
# Completed on Fri Oct 5 01:33:52 2012
谢谢
哈桑
答案1
您需要一条规则来允许流量返回。
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
答案2
如果这是网关(将其他机器的流量从 LAN 转发到互联网),那么您应该将规则移到 FORWARD 链上。INPUT 和 OUTPUT 仅适用于本地机器的流量。