12 Nov 2001 14:38
On Friday 09 November 2001 06:44, Ray Leach wrote:
> Can anyone assist me in redirecting smtp and pop3 through a firewall to
> a mail server on a private network?
>
> I'm using iptables and kernel 2.4.10.
>
> These are my rules:
>

I assume that the POP3 clients on the internet send packets to port 110 of your firewall, and that these packets should be forwarded to your mail server. The packets from the mail server should go out, masqueraded to be from the firewall, port 110. Is this so?

> # pop3 forwarding
> $IPTABLES -t nat -A PREROUTING -i $IFACE_INET -p tcp -d $IP_INET_MAIL
> --dport 110 -j DNAT --to 192.168.1.4:110

Is $IP_INET_MAIL the official IP of the firewall?

> $IPTABLES -A INPUT -i $IFACE_INET -p tcp -d $NET_DMZ --dport 110 -j
> ACCEPT

The packets should not go to the firewall directly, so IMHO not needed.

> $IPTABLES -A FORWARD -i $IFACE_INET -p tcp -d $NET_DMZ --dport 110 -j
> ACCEPT
> What am I missing?

There are some more things you could check:
- Is the way back from the mail server opened and masqueraded?
- Use tcpdump on your firewall to see the incoming and forwarded packets
- Use tcpdump on your mail server to check if the packets get forwarded correctly

Andreas Baetz
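The forwarding discussed in this message, written out as an added example that is not part of the original e-mail or either poster's configuration. It extends the POP3 rule to SMTP (port 25) as well, since the question asks about both. The interface names, `$IFACE_DMZ`, `$MAIL_SERVER` and the public address are assumptions; by default the script only prints the rules.

```shell
#!/bin/sh
# Added example: DNAT port forwarding for SMTP (25) and POP3 (110).
# Dry run by default: the rules are printed, not applied. To apply them,
# run as root with IPTABLES=/sbin/iptables in the environment.
IPTABLES="${IPTABLES:-echo iptables}"

IFACE_INET="${IFACE_INET:-eth0}"              # assumed: Internet-facing interface
IFACE_DMZ="${IFACE_DMZ:-eth1}"                # assumed: interface towards the mail server
IP_INET_MAIL="${IP_INET_MAIL:-203.0.113.10}"  # constructed public address
MAIL_SERVER="${MAIL_SERVER:-192.168.1.4}"     # private mail server address from the post

forward_mail_ports() {
    for port in 25 110; do
        # PREROUTING rewrites the destination before the routing decision,
        # so the packet is routed to the mail server, not to the firewall.
        $IPTABLES -t nat -A PREROUTING -i "$IFACE_INET" -p tcp \
            -d "$IP_INET_MAIL" --dport "$port" \
            -j DNAT --to-destination "$MAIL_SERVER:$port"

        # FORWARD sees the packet after DNAT: match the translated
        # (private) destination. No INPUT rule is involved.
        $IPTABLES -A FORWARD -i "$IFACE_INET" -o "$IFACE_DMZ" -p tcp \
            -d "$MAIL_SERVER" --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # The way back: replies belong to a tracked connection, and connection
    # tracking reverses the DNAT on them automatically. The FORWARD chain
    # still has to let them through.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

forward_mail_ports

# Checks suggested in the reply, run by hand:
#   on the firewall:    tcpdump -n -i "$IFACE_INET" tcp port 110
#   on the mail server: tcpdump -n tcp port 110
```

The mail server must also route its replies back through the firewall (for example by using it as default gateway), otherwise the reverse translation never happens.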