iptables: open port 25 CentOS 7 [closed]
I have problems opening port 25 for sendmail on my CentOS 7 machine.
Here's my iptables configuration:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Service is running:
[root@server1 /]# netstat -tnlp | grep sendmail
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 5857/sendmail
Any ideas why it's not working? Thanks a lot for the help!
The problem is that the default sendmail configuration is to only listen on localhost, not external interfaces. You will need to reconfigure Sendmail to allow this.
You will need to install sendmail-cf:
sudo yum install sendmail-cf
Then, edit your DAEMON_OPTIONS:
cd /etc/mail
sudo vi sendmail.mc
Look for the entry:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Change it to:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
Save the file, run make:
make
Restart sendmail:
sudo systemctl restart sendmail
That should open you up to listening on port 25 on all interfaces, which should be compatible with the firewall ruleset you have given above.
I believe your binding is what you need to look at. The desired output should be:
# netstat -an | egrep '\:25.*LISTEN'
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::25 :::* LISTEN
#
In your case, even if you disable the firewall altogether, you still won't be able to reach your SMTP server, because it is bound to the loopback interface only. Assuming you're using Postfix, look at inet_interfaces inside of your main.cf.
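Both answers make the same point: the firewall already accepts port 25 and the listener's bind address is what blocks access. The script below is an added example, not part of the original thread, that cross-checks an iptables ruleset against a netstat listing. The function names `fw_verdict`, `bind_scope` and `diagnose` are hypothetical, and the sample inputs are constructed from the listings quoted above.

```shell
# Added example. Inputs are constructed from the listings quoted in the thread.
RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
LISTEN_BEFORE='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 5857/sendmail'
LISTEN_AFTER='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 :::25 :::* LISTEN'
# fw_verdict PORT RULES: target of the first INPUT rule matching a NEW inbound TCP
# connection to PORT from a non-loopback interface. Simplified matcher: it only
# understands -i lo, -p, --state and a single --dport (no -s, multiport or negation).
fw_verdict() {
  printf '%s\n' "$2" | awk -v port="$1" '
    $1 != "-A" || $2 != "INPUT" { next }
    { dport = ""; target = ""; skip = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if (($i == "-i" && $(i + 1) == "lo") || ($i == "-p" && $(i + 1) != "tcp")) skip = 1
        if ($i == "--state" && $(i + 1) !~ /NEW/) skip = 1
      }
      if (skip || (dport != "" && dport != port)) next
      print target; found = 1; exit }
    END { if (!found) print "POLICY" }'   # POLICY: no rule matched, chain policy applies
}
# bind_scope PORT LISTING: none | loopback | external, from "netstat -tnl" style lines.
bind_scope() {
  printf '%s\n' "$2" | awk -v port="$1" '
    $6 != "LISTEN" { next }
    { n = split($4, a, ":"); if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)   # strip ":port"
      if (addr ~ /^127\./ || addr == "::1") { if (scope == "") scope = "loopback" }
      else scope = "external" }
    END { print (scope == "" ? "none" : scope) }'
}
diagnose() {  # diagnose PORT RULES LISTING
  fw=$(fw_verdict "$1" "$2"); scope=$(bind_scope "$1" "$3")
  case "$scope/$fw" in
    none/*)          echo "no-listener" ;;
    loopback/*)      echo "loopback-only: reconfigure the daemon, firewall verdict is $fw" ;;
    external/ACCEPT) echo "reachable" ;;
    *)               echo "blocked-by-firewall: verdict is $fw" ;;
  esac
}
diagnose 25 "$RULES" "$LISTEN_BEFORE"; diagnose 25 "$RULES" "$LISTEN_AFTER"
```

On a live host, feed the functions the output of `iptables-save` and `netstat -tnl` in place of the embedded samples.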