Iptables allow CIPE connection request


From my mail bag:

How do I accept CIPE connection requests coming from the outside?

CIPE stands for Crypto IP Encapsulation (see the howto Establishing a CIPE Connection). It is used to configure an IP tunneling device. For example, CIPE can be used to grant access from the outside world into a Virtual Private Network (VPN). All you need is the CIPE device name (number); once you have it, append the following two iptables rules to your iptables script:

Iptables rules:

Add the following rules to your iptables script or configuration file:

iptables -A INPUT -p udp -i cipcb0 -j ACCEPT
iptables -A OUTPUT -p udp -o cipcb0 -j ACCEPT

CIPE uses its own virtual device to transmit UDP packets, so the above rules allow incoming requests on the cipcb0 interface (no need to use eth0).

Replace cipcb0 with your actual device name.


Sendmail is only accepting connections from localhost (127.0.0.1 IP)


Q. My sendmail service is running under Linux, and whenever I try to telnet to it from another LAN IP, it gives a connection refused error. If I connect to it from localhost, it accepts the connection. I can only send mail from my server. How do I force sendmail to accept mail from other hosts/LAN IPs?

A. For security reasons, sendmail is configured by default to accept connections only from the local system (127.0.0.1). This should avoid the open mail relay problem.

To allow connections from ALL hosts/LAN IPs, open the sendmail.mc file (log in as root):

# vi /etc/mail/sendmail.mc

Look for the line that reads as follows:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Comment out or remove the above line and insert a new line that reads as follows:

DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl

The above line forces sendmail to accept connections from any host. Save the file, then regenerate the sendmail configuration file using m4:

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart the sendmail service:

# /etc/init.d/sendmail restart

Caution: You should configure a firewall and Sendmail's anti-spam configuration controls to avoid problems.
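To check which listeners a sendmail.mc file exposes before regenerating sendmail.cf, the following added example (not part of the original post) reports the bind scope of every active DAEMON_OPTIONS line. The function name daemon_bind_scope and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report the bind scope of each active DAEMON_OPTIONS line.
# daemon_bind_scope is a hypothetical helper name, not a sendmail tool.
daemon_bind_scope() {
    # $1 = path to a sendmail.mc file
    # Skip m4 comments (dnl ...) and '#' comment lines, keep DAEMON_OPTIONS.
    grep -Ev '^[[:space:]]*(dnl|#)' "$1" | grep 'DAEMON_OPTIONS(' |
    while IFS= read -r line; do
        # Keep only the option string between the m4 quotes ` and '
        opts=$(printf '%s\n' "$line" | sed "s/^[^\`]*\`//; s/'.*\$//")
        name=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^[[:space:]]*Name=//p')
        addr=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^[[:space:]]*Addr=//p')
        case "$addr" in
            ''|0.0.0.0) scope='all-interfaces' ;;   # no Addr= means any address
            127.*|::1)  scope='loopback-only' ;;
            *)          scope="bound-to:$addr" ;;
        esac
        printf '%s %s\n' "${name:-unnamed}" "$scope"
    done
}

# Constructed sample input (not taken from a real system)
sample=$(mktemp)
cat > "$sample" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission,Addr=127.0.0.1, Name=MSA')dnl
EOF
daemon_bind_scope "$sample"
rm -f "$sample"
```

Run it against /etc/mail/sendmail.mc; any listener reported as all-interfaces is reachable from other hosts and depends on the firewall and relay controls mentioned in the caution above.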


RHEL: Linux Bond / Team Multiple Network Interfaces (NIC) Into a Single Interface


Finally, today I implemented NIC bonding (binding both NICs so that they work as a single device). Bonding is nothing but a Linux kernel feature that allows you to aggregate multiple like interfaces (such as eth0, eth1) into a single virtual link such as bond0. The idea is pretty simple: get higher data rates as well as link failover. The following instructions were tested on:

  1. RHEL v4 / 5 / 6 amd64
  2. CentOS v5 / 6 amd64
  3. Fedora Linux 13 amd64 and up.
  4. 2 x PCI-e Gigabit Ethernet NICs with Jumbo Frames (MTU 9000)
  5. Hardware RAID-10 w/ SAS 15k enterprise grade hard disks.
  6. Gigabit switch with Jumbo Frame