Andrew Bennett
Here's the firewall setting (outer firewall):
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.xx.0/24 192.168.zz.11"
# actually outer of 2 firewalls, should receive and translate packets from inner router and the mailserver
FW_PROTECT_FROM_INTERNAL="yes"
FW_AUFW_SERVICES_EXT_TCP="ssh 443 25"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_INT_TCP="ssh 443 25"
# should deliver mail to postfix, does not
FW_TRUSTED_NETS="192.168.xx.yy,tcp,22 192.168.xx.yy,tcp,80 192.168.xx.yy,tcp, 10000 "
# only few services from intern
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD="192.168.57.11,0/0,tcp,25"
FW_FORWARD_MASQ="0/0,192.168.57.11,tcp,25 192.168.57.11,194.25.242.123,tcp,25"
# actions of desperation, mails either don't go in or out or both
#FW_REDIRECT="0/0,62.157.172.14,tcp,25,25"
# clever idea, redirect to local machine port 25 so
# postfix can handle its mail. does not work
# FW_LOG_DROP_CRIT="yes"
# FW_LOG_DROP_ALL="yes"
# FW_LOG_ACCEPT_CRIT="yes"
# FW_LOG_ACCEPT_ALL="no"
# FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE- FW
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="yes"
# FW_ALLOW_PING_FW="yes"
# FW_ALLOW_PING_DMZ="yes"
# FW_ALLOW_PING_EXT="no"
# didn't try all combinations, but ping still works outside -> fw and inside -> out
=====
Best regards
Patrick Thempel
mail:patrick_thempel@yahoo.com
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here