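Hey guys, I have a problem with my iptables configuration. When I allow all packets, my mail works in Ruby. When I deny everything and have my rules set, I have problems sending mail.
syslog output: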
Jun 21 20:00:41 JJD-PRODUCTION-WEBSITE kernel: [ 1450.576269] IPTables Packet Dropped: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40128 PROTO=TCP SPT=587 DPT=37296 WINDOW=14180 RES=0x00 ACK SYN URGP=0
Jun 21 20:00:41 JJD-PRODUCTION-WEBSITE kernel: [ 1450.979805] IPTables Packet Dropped: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40129 PROTO=TCP SPT=587 DPT=37296 WINDOW=14180 RES=0x00 ACK SYN URGP=0
Jun 21 20:00:42 JJD-PRODUCTION-WEBSITE kernel: [ 1451.574917] IPTables Packet Dropped: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40130 PROTO=TCP SPT=587 DPT=37296 WINDOW=14180 RES=0x00 ACK SYN URGP=0
Jun 21 20:00:42 JJD-PRODUCTION-WEBSITE kernel: [ 1451.579830] IPTables Packet Dropped: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40131 PROTO=TCP SPT=587 DPT=37296 WINDOW=14180 RES=0x00 ACK SYN URGP=0
Jun 21 20:00:43 JJD-PRODUCTION-WEBSITE kernel: [ 1452.779869] IPTables Packet Dropped: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40132 PROTO=TCP SPT=587 DPT=37296 WINDOW=14180 RES=0x00 ACK SYN URGP=0
I have removed the source port, destination port and MAC address.
Also, here is my iptables -L output.
root@JJD-PRODUCTION-WEBSITE:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:https state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http limit: avg 25/min burst 100
LOGGING    all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssmtp state NEW,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:http state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:https state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https state NEW,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:submission state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssmtp state ESTABLISHED

Chain LOGGING (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 2/min burst 5 LOG level debug prefix "IPTables Packet Dropped: "
DROP       all  --  anywhere             anywhere
root@JJD-PRODUCTION-WEBSITE:~#
Does anyone have any idea why this is not working?
I set up rules to allow 587 and 465 in and out.
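Your rules look a bit messy; you have ACCEPT anywhere in a series of rules, which makes no sense.
With this exact iptables -L, you allow all packets in and out, so I doubt your problem is related to the firewall. Please provide the output of iptables -nvL from when email delivery is broken (-n makes it more readable for networking people; we admins like port numbers).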
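A triage helper for "IPTables Packet Dropped" lines like those in the question, added here as an example and not part of the original question or answer: it parses each LOG line and reports whether the dropped inbound packet was a new connection attempt or a SYN+ACK reply to a connection this host opened. The sample lines are constructed in the same format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the syslog excerpt (addresses blank).
SAMPLE = """\
Jun 21 20:00:41 host kernel: [ 1450.576269] IPTables Packet Dropped: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40128 PROTO=TCP SPT=587 DPT=37296 WINDOW=14180 RES=0x00 ACK SYN URGP=0
Jun 21 20:00:42 host kernel: [ 1451.574917] IPTables Packet Dropped: IN=eth0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=TCP SPT=40000 DPT=25 WINDOW=14180 RES=0x00 SYN URGP=0
"""

PREFIX = "IPTables Packet Dropped: "   # the --log-prefix shown in the LOGGING chain
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Return the LOG key=value fields plus a 'flags' set, or None for other lines."""
    if PREFIX not in line:
        return None
    body = line.split(PREFIX, 1)[1]
    fields = dict(re.findall(r"(\w+)=(\S*)", body))   # empty values (MAC=) become ""
    fields["flags"] = {tok for tok in body.split() if tok in TCP_FLAGS}
    return fields

def classify(pkt):
    """Describe what kind of packet the rule set dropped."""
    if not pkt.get("IN"):
        return "outbound packet"
    if pkt.get("PROTO") != "TCP":
        return "inbound non-TCP packet"
    spt, dpt, flags = int(pkt["SPT"]), int(pkt["DPT"]), pkt["flags"]
    if {"SYN", "ACK"} <= flags:
        # SYN+ACK is step two of the handshake: a remote server answering our SYN.
        return f"reply from remote port {spt} to a connection this host opened"
    if "SYN" in flags:
        return f"new inbound connection to local port {dpt}"
    return "inbound mid-stream segment"

def summarize(text):
    """Count dropped packets per classification across a block of syslog text."""
    parsed = (parse_line(line) for line in text.splitlines())
    return Counter(classify(p) for p in parsed if p is not None)

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).items():
        print(f"{count:3d}  {kind}")
```

Comparing the reported ports with the packet counters in `iptables -nvL` shows which rule, if any, the return traffic is expected to match.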