Linux iptables not working
Solution 1
If netstat -tapnl | grep 25
doesn't return something like 0:0:0:0:25 (or the particular IP you query) it means nothing is listening on that port and IPTables is not the problem -- or at least not the only problem.
Solution 2
The earlier suggestion that you don't have a service listening on port 25 is the most likely.
Another suggestion is to verify both the rules and the interfaces. For example, running:
iptables -L -v
will also show the interfaces. Hence there can be different rules for different interfaces (especially the lo interface that will typically be ACCEPT for all traffic).
Elan Hasson
Updated on September 17, 2022
Comments
-
Elan Hasson almost 2 years
I updated my iptables in Ubuntu 10.04, but it doesn't seem to be having any effect on the opened ports.
When I run
iptables --list
, the following line shows up:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere tcp dpt:smtp
However, when I try to do a port scan to see if port 25 is open, it responds as closed. Could there be something further upstream that is blocking the port? Or do I need to do something to 'restart' the firewall after modifying the IP tables?
Linux Noob here if it doesn't quite come through ...
-
Zoredache almost 14 years
Is there a service listening on port 25? Can you also post the contents of your OUTPUT chain?
-
Elan Hasson almost 14 years
I have exim4 running (which I assumed -- probably incorrectly -- to be listening on port 25). How do I get my output chain?
-
-
RHELAdmin almost 14 years
Yup. RHEL does that on the default install to prevent inexperienced users from making an open mail relay.
-
Elan Hasson almost 14 years
It doesn't. I'm thinking that I need to re-run the exim4 configuration and tell it to listen for all incoming requests. Currently it looks like it's configured for only 127.0.0.1 and ::1.
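The check that the answers and the last comment converge on, as an added example that is not part of the original thread: it classifies the listener on a port from `netstat -tln` or `ss -ltn` output, separating "nothing listening" and "bound to loopback only" from a firewall problem. The function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# classify_listener PORT
# Reads `netstat -tln` or `ss -ltn` output on stdin and prints one of:
#   none | loopback-only | non-loopback
classify_listener() {
    awk -v port="$1" '
        # Local address is field 4 in both tools; the state is field 1 in
        # ss output and field 6 in netstat output.
        $1 == "LISTEN" || $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next      # text after the last ":" is the port
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            found = 1
            if (addr !~ /^127\./ && addr != "::1" && addr != "[::1]") external = 1
        }
        END {
            if (external)   print "non-loopback"
            else if (found) print "loopback-only"
            else            print "none"
        }'
}

# Map the classification to the next thing to check.
next_step() {
    case "$1" in
        none)          echo "no listener: fix the service, iptables is not the cause" ;;
        loopback-only) echo "bound to 127.0.0.1/::1 only: remote scans see it closed despite ACCEPT" ;;
        non-loopback)  echo "listener exposed: check 'iptables -L -v' per interface, then upstream" ;;
    esac
}

# Constructed sample (netstat format): mail service bound to loopback only.
sample_loopback() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 127.0.0.1:25    0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp6       0      0 ::1:25          :::*            LISTEN
EOF
}

# Constructed sample (ss format): mail service bound to all interfaces.
sample_all_interfaces() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      20     0.0.0.0:25         0.0.0.0:*
LISTEN 0      20     [::]:25            [::]:*
EOF
}

for s in sample_loopback sample_all_interfaces; do
    state=$($s | classify_listener 25)
    echo "$s: $state ($(next_step "$state"))"
done
```

On a live host, feed it real output with `ss -ltn | classify_listener 25`; unlike `grep 25`, it matches the port exactly and will not trip on 2525 or an address containing "25".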