Horde Behind Firewall Not Working

SBCTEC

Guest
I'm running Fedora Core 2 and Plesk 7.1.4 Reloaded for *nix. It is basically a default installation, but I have implemented my own firewall using iptables. When users try to go to http://webmail.their-domain.com, they get the Horde login screen, but after entering their user name and password, it times out with an error that their entered data is wrong. Upon turning off the firewall, everything works perfectly. What ports need to be opened for Horde to operate properly? If there's a range of ports that need to be opened ( > 1024), is there a configuration option to specify a particular range? Below is the iptables script I'm currently using.

# Configure default policies (-P), meaning default rule to apply if no
# more specific rule below is applicable. These rules apply if a more
# specific rule below is not applicable. Defaults are to DROP anything
# sent to firewall or internal network, permit anything going out.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Flush (-F) all specific rules
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT

# Permit packets in to firewall itself that are part of existing and
# related connections.
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Deny any packet coming in on the public internet interface eth0
# which has a spoofed source address from our local networks:
iptables -A INPUT -i eth0 -s $SERVER_IP/32 -j DROP
iptables -A INPUT -i eth0 -s 192.168.0.0/24 -j DROP
iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

# Accept all tcp SYN packets for protocols SMTP:
# (SMTP connections are further audited by our SMTP server)
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP/32 --destination-port smtp --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP/32 --destination-port smtps --syn -j ACCEPT

# Accept HTTP, HTTPS, POP3, POP3S
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port http --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port https --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port pop3 --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port pop3s --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port poppassd --syn -j ACCEPT

# IMAP Entry
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imap --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imaps --syn -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 8443 --syn -j ACCEPT

# SSH should only be accepted from SBCTEC
iptables -A INPUT -p tcp -s $ADMIN_IP/32 -d $SERVER_IP/32 --destination-port ssh --syn -j ACCEPT

# Permit my DNS server to honor requests from the public internet:
iptables -A INPUT -p udp -s 0/0 -d 0/0 --destination-port domain -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port domain -j ACCEPT

# For FTP server, restricted to specific local hosts (and see /etc/xinetd.conf):
# iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port ftp-data --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port ftp --syn -j ACCEPT
# Use the IANA registered ephemeral port range
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 49152:65534 --syn -j ACCEPT

# Horde WebMail


# Miscellaneous $H!T that I don't know what it does yet.
# iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port ipp --syn -j ACCEPT
# iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port rndc --syn -j ACCEPT
# iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port sunrpc --syn -j ACCEPT

# MySQL Ports
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port mysql --syn -j ACCEPT

# Deny Everything else
iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP

# Save Configuration
service iptables save

# Restart Configuration
service iptables restart
service iptables status
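As an added example (not part of the post, and not Plesk's own tooling), the script below audits an iptables INPUT ruleset for the gaps that matter most when a webmail front end has to reach IMAP and MySQL on the same host over the loopback interface. The rules it reads are a constructed copy of the ones posted above, with the $SERVER_IP and $ADMIN_IP lines left out. With INPUT defaulting to DROP, no `-i lo` accept rule, and the ESTABLISHED,RELATED accept pinned to eth0, a localhost TCP handshake cannot complete: the per-port `--syn` rule accepts the SYN, but the SYN-ACK arriving on lo matches nothing and falls through to the DROP policy. Whether that is the cause in this thread is not confirmed by the post; it is the check an administrator would run before opening more ports. The third check flags the MySQL port being accepted from any source, which the posted script does and which neither the panel nor webmail needs.

```shell
#!/bin/sh
# Added example: static audit of an iptables INPUT ruleset for loopback gaps
# and world-exposed database ports. Not from the forum post or from Plesk.
# The rulesets below are constructed samples modelled on the posted script.

# Write the posted ruleset (constructed sample, IP-variable lines omitted)
# to the file named in $1.
write_posted_rules() {
    cat > "$1" <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imap --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imaps --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port mysql --syn -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP
EOF
}

# The same ruleset with a loopback accept, a stateful accept that covers
# every interface, and MySQL limited to localhost (constructed sample).
write_fixed_rules() {
    cat > "$1" <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imap --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port imaps --syn -j ACCEPT
iptables -A INPUT -p tcp -s 127.0.0.1/32 -d 127.0.0.1/32 --destination-port mysql --syn -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP
iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP
EOF
}

# Print one line per finding, then the number of findings on the last line.
# Always returns 0 so the count can be captured with $(... | tail -n 1).
audit_input_rules() {
    f="$1"
    n=0
    # With a DROP policy and no loopback accept, the SYN-ACK and data of
    # every localhost connection (webmail -> IMAP, panel -> MySQL) are dropped.
    if ! grep -q -- '-A INPUT.* -i lo .*-j ACCEPT' "$f"; then
        echo "GAP: no '-A INPUT -i lo -j ACCEPT' rule; localhost traffic falls through to the DROP policy"
        n=$((n + 1))
    fi
    # A stateful accept restricted to eth0 never matches established lo flows.
    if grep -q -- '-A INPUT.* -i eth0 .*--state ESTABLISHED,RELATED' "$f"; then
        echo "GAP: ESTABLISHED,RELATED accept is restricted to eth0"
        n=$((n + 1))
    fi
    # MySQL accepted from 0/0 exposes the database to the whole internet.
    if grep -q -- '-A INPUT.*-s 0/0 .*--destination-port mysql .*-j ACCEPT' "$f"; then
        echo "EXPOSURE: mysql port accepted from any source; limit it to 127.0.0.1"
        n=$((n + 1))
    fi
    echo "$n"
}

# Run the audit over both constructed rulesets.
posted=$(mktemp) && fixed=$(mktemp)
write_posted_rules "$posted"
write_fixed_rules "$fixed"
echo "posted ruleset:"; audit_input_rules "$posted"
echo "fixed ruleset:";  audit_input_rules "$fixed"
rm -f "$posted" "$fixed"
```

To audit a live box instead of the samples, feed `iptables-save`-style lines into `audit_input_rules`; the patterns only look at `-A INPUT` rules, so the `-P` and `-F` lines in the posted script are ignored. The loopback accept has to come before any spoof-drop for 127.0.0.0/8 that is not limited to eth0, otherwise it is never reached.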