Firewall question for Virtual Users/domains using postfix/courier/MySQL

Discussion in 'HOWTO-Related Questions' started by toastmaster, Jan 25, 2006.

  1. toastmaster

    toastmaster New Member

    I completed the howto on virtual domains/users with postfix, courier, MySQL and have been testing for a while. I then wanted to add a firewall so I followed the howto by themachine. I used the following lines for my iptables configuration:

    # iptables -A INPUT -s -d -p tcp --dport 22 -j ACCEPT
    # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
    # iptables -A INPUT -d -p tcp --dport 25 -j ACCEPT
    # iptables -A INPUT -d -p tcp --dport 143 -j ACCEPT
    # iptables -A INPUT -d -p tcp --dport 110 -j ACCEPT
    # iptables -A INPUT -d -s -j ACCEPT
    # iptables -A INPUT -j REJECT
    # iptables -A FORWARD -j REJECT

    After saving this configuration, the mail stopped coming through. I was able to trace the mail logs and see that postfix was not able to connect to MySQL. I was getting errors saying:

    Jan 24 18:18:58 cronos postfix/proxymap[2458]: warning: connect to mysql server Can't connect to MySQL server on '' (111)


    So I ran this command:

    # iptables -I INPUT 5 -d -s -j ACCEPT

    This fixed the problem, but I just wanted to make sure this was the correct thing to do or if there is a better way to do this. I am a n00b so I just wanted to make sure that I am not doing anything wrong that will compromise the system.

    Thanks in advance for your help and thanks to all of those who work on this site. It has definitely been a great help to me.
  2. falko

    falko Super Moderator Howtoforge Staff

    I guess you mean
    iptables -I INPUT -d -s -j ACCEPT
    It's ok, because it's only for connections within your server, not from the outside world. :)
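
Why the position of the accept rule decides the outcome in this thread, as an added example that is not part of either post: a small first-match evaluator run over a constructed ruleset. The addresses (192.0.2.10 for the server, 127.0.0.1 for the local MySQL connection) and port 3306 (MySQL's default) are assumptions, since the thread's own addresses are not shown.

```python
import ipaddress
import shlex

# Constructed `iptables -S` style ruleset; 192.0.2.10 stands in for the server's
# public address (the thread's real addresses are not shown).
RULES = [
    "-A INPUT -d 192.0.2.10/32 -p tcp --dport 22 -j ACCEPT",
    "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A INPUT -d 192.0.2.10/32 -p tcp --dport 25 -j ACCEPT",
    "-A INPUT -d 192.0.2.10/32 -p tcp --dport 143 -j ACCEPT",
    "-A INPUT -d 192.0.2.10/32 -p tcp --dport 110 -j ACCEPT",
    "-A INPUT -j REJECT",
]
# Assumed loopback-only accept rule (both addresses are an assumption).
LOOPBACK = "-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT"
OPTS = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport",
        "--state": "state", "-j": "target"}

def parse(line):
    """Map one rule line to {field: value}; tokens not in OPTS are ignored."""
    tok = shlex.split(line)
    return {OPTS[t]: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in OPTS}

def matches(rule, pkt):
    """True when every match field present in the rule agrees with the packet."""
    for f in ("src", "dst"):
        if f in rule and ipaddress.ip_address(pkt[f]) not in ipaddress.ip_network(rule[f]):
            return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and int(rule["dport"]) != pkt["dport"]:
        return False
    if "state" in rule and pkt["state"] not in rule["state"].split(","):
        return False
    return True

def verdict(rules, pkt):
    """Return (rule number, target) of the first matching rule, as a chain would."""
    for n, line in enumerate(rules, 1):
        rule = parse(line)
        if matches(rule, pkt):
            return n, rule["target"]
    return 0, "POLICY"

def insert_at(rules, pos, line):
    """Equivalent of `iptables -I INPUT <pos>`: 1-based insert before rule <pos>."""
    return rules[:pos - 1] + [line] + rules[pos - 1:]

# Constructed packets: Postfix to the local MySQL, and an outside host to port 3306.
LOCAL_MYSQL = {"src": "127.0.0.1", "dst": "127.0.0.1", "proto": "tcp", "dport": 3306, "state": "NEW"}
REMOTE_MYSQL = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 3306, "state": "NEW"}
```

With this ruleset, appending the loopback rule with `-A` after the final REJECT leaves the local connection blocked, while inserting it at position 5 (or at the top) accepts it and an outside connection to port 3306 still reaches the REJECT.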
