13 Nov 2001 05:05
Hi

Thanks for the reply! Some answers below:

Andreas Baetz wrote:
> On Friday 09 November 2001 06:44, Ray Leach wrote:
> > Can anyone assist me in redirecting smtp and pop3 through a firewall to
> > a mail server on a private network?
> >
> > I'm using iptables and kernel 2.4.10.
> >
> > These are my rules:
>
> I assume that the POP3 clients on the internet send packets to port 110 of your firewall,
> and that these packets should be forwarded to your mail server. The packets from the
> mail server should go out, masqueraded to be from the firewall, port 110. Is this so?

No, I'm trying to do reverse masq (incoming) to the mail server.

> > # pop3 forwarding
> > $IPTABLES -t nat -A PREROUTING -i $IFACE_INET -p tcp -d $IP_INET_MAIL
> > --dport 110 -j DNAT --to 192.168.1.4:110
>
> Is $IP_INET_MAIL the official IP of the firewall?

No, of the mail server. This is the IP that will be in the MX record.

> > $IPTABLES -A INPUT -i $IFACE_INET -p tcp -d $NET_DMZ --dport 110 -j
> > ACCEPT
>
> The packets should not go to the firewall directly, so IMHO not needed

I'm attempting to forward the newly mangled packets to the mail server in the DMZ. This allows them to be accepted by the firewall to be passed on.

> > $IPTABLES -A FORWARD -i $IFACE_INET -p tcp -d $NET_DMZ --dport 110 -j
> > ACCEPT
> >
> > What am I missing?
>
> There are some more things you could check:
> - Is the way back from the mail server opened and masqueraded?

Yes opened, no not masqed.

> - use tcpdump on your firewall to see the incoming and forwarded packets
> - use tcpdump on your mailserver to check if the packets get forwarded correctly

It's an Exchange mail server unfortunately.

> Andreas Baetz

--
Raymond Leach
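Added example, not part of the original thread: a dry-run sketch of inbound DNAT for smtp and pop3 to the DMZ mail server, showing that DNATed packets traverse FORWARD (matched on the rewritten destination) rather than INPUT, and that replies are handled by connection tracking. The interface names, the `IFACE_DMZ` and `MAIL_DMZ` variables and the public address are assumptions; only `$IPTABLES`, `$IFACE_INET`, `$IP_INET_MAIL` and 192.168.1.4 come from the messages above.

```shell
#!/bin/sh
# Dry run by default: the commands are printed, not applied.
# Set IPTABLES=/usr/sbin/iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"
IFACE_INET="${IFACE_INET:-eth0}"              # assumed Internet-facing interface
IFACE_DMZ="${IFACE_DMZ:-eth1}"                # assumed DMZ-facing interface
IP_INET_MAIL="${IP_INET_MAIL:-203.0.113.10}"  # constructed public address (MX target)
MAIL_DMZ="${MAIL_DMZ:-192.168.1.4}"           # private mail server address from the thread

forward_mail_port() {
    port="$1"
    # 1. Rewrite the destination in PREROUTING, before the routing decision.
    $IPTABLES -t nat -A PREROUTING -i "$IFACE_INET" -p tcp \
        -d "$IP_INET_MAIL" --dport "$port" \
        -j DNAT --to-destination "$MAIL_DMZ:$port"
    # 2. The rewritten packet is routed, so it passes FORWARD, not INPUT,
    #    and the filter rule sees the post-DNAT destination address.
    $IPTABLES -A FORWARD -i "$IFACE_INET" -o "$IFACE_DMZ" -p tcp \
        -d "$MAIL_DMZ" --dport "$port" -m state --state NEW -j ACCEPT
}

mail_dnat_rules() {
    # Replies and later packets of tracked connections, in both directions.
    # Connection tracking reverses the DNAT on replies, so no masquerade
    # rule is needed for the way back.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    forward_mail_port 25     # smtp
    forward_mail_port 110    # pop3
}

mail_dnat_rules
```

For these rules to match, packets addressed to the public mail address must actually arrive at the firewall, and the mail server's replies must route back through the firewall so the translation can be reversed.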