Oct 25th, 2009 | iptables, linux
Sometimes we want to restrict ssh connections to just our own networks, to cut off abusive login attempts from everywhere else.
This is how to do it with iptables:
# iptables -F
# iptables -N SSHD
# iptables -A SSHD -m state --state NEW,RELATED,ESTABLISHED -s 1.2.3.4/24 -j RETURN
# iptables -A SSHD -m state --state NEW,RELATED,ESTABLISHED -s 5.6.7.8/24 -j RETURN
# iptables -A SSHD -m state --state NEW,RELATED,ESTABLISHED -s a.b.c.d/24 -j RETURN
# iptables -A SSHD -j REJECT --reject-with icmp-host-prohibited
# iptables -A INPUT -p tcp -m tcp --dport 22 -j SSHD
All connections, except those from the networks we defined in iptables, will be rejected with icmp-host-prohibited. The counters in the listing show the chain at work:
# iptables -nvL
Chain INPUT (policy ACCEPT 934K packets, 529M bytes)
pkts bytes target prot opt in out source destination
3252 207K SSHD tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain SSHD (1 references)
pkts bytes target prot opt in out source destination
717 35832 RETURN all -- * * 1.2.3.4/24 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
2535 171K RETURN all -- * * 5.6.7.8/24 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 RETURN all -- * * a.b.c.d/24 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
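As an added example (not the post's own commands), the script below generates the same SSHD allow-list chain from a list of trusted networks, but prints the iptables commands instead of running them, so the rule set can be reviewed and then piped to sh as root. Two things differ from the post on purpose: it never runs a bare `iptables -F` (which flushes every rule in the filter table, not just the ssh ones), and it creates the chain and the INPUT jump only if they are missing, so it can be re-run safely (`iptables -C` needs iptables 1.4.11 or later). The state match on the post's RETURN rules excludes little beyond INVALID packets once the jump is already limited to tcp/22, so it is left out here. The networks and the sample `-nvL` listing are constructed placeholders, not the post's values.

```shell
#!/bin/sh
# Added example: build an ssh source allow-list chain (like the post's SSHD
# chain) and read back its REJECT counter. Nothing here runs iptables; the
# commands are printed for review.

# valid_cidr A.B.C.D/N: accept only a real IPv4 prefix. This rejects
# placeholder text such as the post's "a.b.c.d/24" before it reaches iptables.
valid_cidr() {
    case "$1" in *[!0-9./]*|'') return 1 ;; esac   # digits, dots, slash only
    case "$1" in */*) ;; *) return 1 ;; esac        # a prefix length is required
    ip=${1%/*}; pfx=${1#*/}
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    n=0
    oldifs=$IFS; IFS=.
    for o in $ip; do
        case "$o" in ''|*[!0-9]*) IFS=$oldifs; return 1 ;; esac
        [ "$o" -le 255 ] || { IFS=$oldifs; return 1; }
        n=$((n + 1))
    done
    IFS=$oldifs
    [ "$n" -eq 4 ]
}

# build_sshd_rules NET... : print the iptables commands for an SSHD chain that
# lets the given networks through and rejects everyone else with
# icmp-host-prohibited, exactly as the post does, but idempotently.
build_sshd_rules() {
    # create the chain if it does not exist yet, otherwise just empty it
    echo "iptables -N SSHD 2>/dev/null || iptables -F SSHD"
    for net in "$@"; do
        valid_cidr "$net" || { echo "build_sshd_rules: bad CIDR: $net" >&2; return 1; }
        echo "iptables -A SSHD -s $net -j RETURN"
    done
    echo "iptables -A SSHD -j REJECT --reject-with icmp-host-prohibited"
    # hook the chain into INPUT for tcp/22, but only once (-C checks for the rule)
    echo "iptables -C INPUT -p tcp --dport 22 -j SSHD 2>/dev/null || iptables -I INPUT -p tcp --dport 22 -j SSHD"
}

# rejected_packets: read "iptables -nvL SSHD" output on stdin and print the
# packet counter of the REJECT rule. A rising counter is the cheap signal that
# hosts outside the allow-list are knocking on ssh; zero means it has not
# fired since the counters were last reset.
rejected_packets() {
    awk '$3 == "REJECT" { print $1; exit }'
}

# Constructed sample listing, modelled on the post's output (not real data).
SAMPLE_LISTING='Chain SSHD (1 references)
 pkts bytes target prot opt in out source destination
  717 35832 RETURN all -- * * 10.0.0.0/8 0.0.0.0/0
 2535 171K RETURN all -- * * 192.168.1.0/24 0.0.0.0/0
   12 720 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'

# Usage: review the generated rules, then apply with
#   sh -c "$(build_sshd_rules 10.0.0.0/8 192.168.1.0/24)"   (as root)
build_sshd_rules 10.0.0.0/8 192.168.1.0/24
printf 'rejected ssh packets so far: %s\n' "$(printf '%s\n' "$SAMPLE_LISTING" | rejected_packets)"
```

Note that with the INPUT policy left at ACCEPT, as in the post's listing, only tcp/22 is filtered by this chain; every other service stays reachable from anywhere, so this is an ssh allow-list, not a host firewall. Check `iptables -nvL SSHD` after applying and confirm that your own network's RETURN counter moves when you log in and that the REJECT counter stays at zero for trusted sources.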