
Horde Behind Firewall Not Working

Discussion in 'Plesk for Windows - 8.x and Older' started by SBCTEC, Oct 15, 2004.

  1. SBCTEC

    SBCTEC Guest

    I'm running Fedora Core 2 and Plesk 7.1.4 Reloaded for *nix. It is basically a default installation, but I have implemented my own firewall using iptables. When users try to go to http://webmail.their-domain.com, they get the Horde login screen, but after entering their user name and password, it times out with an error that their entered data is wrong. Upon turning off the firewall, everything works perfectly. What ports need to be opened for Horde to operate properly? If there's a range of ports that need to be opened ( > 1024), is there a configuration option to specify a particular range? Below is the IPTABLES script I'm currently using.

    # Configure default policies (-P), meaning default rule to apply if no
    # more specific rule below is applicable. These rules apply if a more
    # specific rule below is not applicable. Defaults are to DROP anything
    # sent to firewall or internal network, permit anything going out.
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

    # Flush (-F) all specific rules
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F OUTPUT

    # Permit packets in to firewall itself that are part of existing and
    # related connections.
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Deny any packet coming in on the public internet interface eth0
    # which has a spoofed source address from our local networks:
    iptables -A INPUT -i eth0 -s $SERVER_IP/32 -j DROP
    iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
    iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

    # Accept all tcp SYN packets for protocols SMTP:
    # (SMTP connections are further audited by our SMTP server)
    iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP/32 --destination-port smtp --syn -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP/32 --destination-port smtps --syn -j ACCEPT

    # Accept HTTP, HTTPS, POP3, POP3S
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port http --syn -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port https --syn -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port pop3 --syn -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port pop3s --syn -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port poppassd --syn -j ACCEPT

    # IMAP Entry
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imap --syn -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imaps --syn -j ACCEPT

    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 8443 --syn -j ACCEPT

    # SSH should only be accepted from SBCTEC
    iptables -A INPUT -p tcp -s $ADMIN_IP/32 -d $SERVER_IP/32 --destination-port ssh --syn -j ACCEPT

    # Permit my DNS server to honor requests from the public internet:
    iptables -A INPUT -p udp -s 0/0 -d 0/0 --destination-port domain -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port domain -j ACCEPT

    # For FTP server, restricted to specific local hosts (and see /etc/xinetd.conf):
    # iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port ftp-data --syn -j ACCEPT
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port ftp --syn -j ACCEPT
    # Use the IANA registered ephemeral port range
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 49152:65534 --syn -j ACCEPT

    # Horde WebMail


    # Miscellaneous $H!T that I don't know what it does yet.
    # iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port ipp --syn -j ACCEPT
    # iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port rndc --syn -j ACCEPT
    # iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port sunrpc --syn -j ACCEPT

    # MySQL Ports
    iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port mysql --syn -j ACCEPT

    # Deny Everything else
    iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
    iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP

    # Save Configuration
    service iptables save

    # Restart Configuration
    service iptables restart
    service iptables status
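As an added illustration (not part of SBCTEC's post), the following Python model walks the relevant subset of the posted INPUT chain packet by packet. It assumes Horde reaches the IMAP server over the loopback interface, which is the usual layout on a Plesk host; under that assumption it shows that the server's SYN-ACK on lo matches no ACCEPT rule (the stateful rule is tied to eth0 and every other rule needs --syn) and falls to the DROP policy, and that accepting lo traffic plus an interface-independent stateful rule is enough, without opening any port range to the outside.

```python
from dataclasses import dataclass

@dataclass
class Pkt:
    iface: str   # interface the packet arrives on: "eth0" or "lo"
    proto: str   # "tcp" or "udp"
    dport: int   # destination port
    syn: bool    # True only for a bare SYN, which is all that --syn matches
    state: str   # conntrack state: "NEW", "ESTABLISHED" or "RELATED"

# A rule is (iface, proto, dport, syn_only, states, target); None means "any".
# iptables is first-match, so the order of the list matters.
POSTED_CHAIN = [
    ("eth0", None, None, False, {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    (None, "tcp", 143, True, None, "ACCEPT"),             # --dport imap --syn
    (None, "tcp", 993, True, None, "ACCEPT"),             # --dport imaps --syn
    (None, "tcp", (49152, 65534), True, None, "ACCEPT"),  # ephemeral range --syn
    (None, "udp", None, False, None, "DROP"),
    (None, "tcp", None, True, None, "DROP"),
]
# Same rules with two changes: accept everything on lo, and stop tying the
# stateful rule to eth0 so replies on any interface are accepted.
FIXED_CHAIN = [
    ("lo", None, None, False, None, "ACCEPT"),
    (None, None, None, False, {"ESTABLISHED", "RELATED"}, "ACCEPT"),
] + POSTED_CHAIN[1:]

def port_matches(spec, dport):
    if spec is None:
        return True
    if isinstance(spec, tuple):          # (low, high) range
        return spec[0] <= dport <= spec[1]
    return spec == dport

def evaluate(pkt, chain, policy="DROP"):
    """Verdict of the first rule that matches pkt, else the chain policy."""
    for iface, proto, dport, syn_only, states, target in chain:
        if (iface in (None, pkt.iface) and proto in (None, pkt.proto)
                and port_matches(dport, pkt.dport)
                and (not syn_only or pkt.syn)
                and (states is None or pkt.state in states)):
            return target
    return policy

def imap_login_over_lo(chain):
    """Horde's handshake to IMAP on 127.0.0.1: the SYN and the SYN-ACK both
    traverse INPUT on lo. True only if both packets are accepted."""
    syn = Pkt("lo", "tcp", 143, True, "NEW")
    syn_ack = Pkt("lo", "tcp", 50000, False, "ESTABLISHED")  # 50000: constructed client port
    return evaluate(syn, chain) == "ACCEPT" and evaluate(syn_ack, chain) == "ACCEPT"
```

Note that nothing above touches what the outside can reach: the eth0 verdicts for the posted ports are the same in both chains, so the fix does not widen the public attack surface.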