Re: [suse-security] SuSEfirewall 2 port redirection / forced mail server
i want to accomplish the following and wanted to know if it's possible with susefirewall2/iptables: our company network is masqueraded by a susefirewall (all private ips). i want all users behind the firewall to use my external mailserver (is virus and spam protected), no matter what mailserver they have in their outlook express settings (i.e. port 25 has to be redirected). the redirect rules of susefirewall2 allow only for redirection to a local port on the firewall, but i don't want any services on the firewall. so i want to redirect to an external ip address (public ip). can this be done (or has it already been done by someone)? any help appreciated.
you can use rinetd - it will forward ports from your firewall to your mailserver.
dirk

thanks, worked right from the start. i wanted to make this on the firewall level at first, but what the heck.
alex
On Wed, 30 Oct 2002, Alexander Gretha wrote:
> > you can use rinetd - it will forward ports from your firewall to your mailserver.
> thanks, worked right from the start. i wanted to make this on the firewall level at first, but what the heck.
Well, as long as you do not "redirect" the IPs from the outer net to your inner net, then all is OK ... otherwise you will run into spam-relay problems!!!
=> so only use "rinetd" from inner to outer routings - not for more!!! (on the SMTP-Protocol)
Greetings,
--
Jörg Henner                     Fon: +49 (7 11) 48 90 83 - 0
ETES - EDV-Systemhaus GbR       Fax: +49 (7 11) 48 90 83 - 50
Libanonstrasse 58 A * D-70184 Stuttgart   Web: http://www.etes.de
______________________________________
Inflex - eMail Scanning and Protection
Queries to: postmaster@etes.de
> => so only use "rinetd" from inner to outer routings - not for more !!! (on the SMTP-Protocol)
to make it secure: use the variable allow with the ip address of the external server at the beginning of rinetd.conf. this way you can allow only specific computers to redirect.
dirk
i put my allow 192.168.0.* into the rinetd.conf and disabled port 25 on the external interface of the firewall, no connections from outside are allowed. works all right. thanks again
alex
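An added example, not part of the thread: a small Python check for the two points raised above, that a rinetd forwarder should carry an allow rule for the internal clients and should not listen on the external interface. Both sample configs and the addresses 192.168.0.1 and 203.0.113.25 are constructed; the parser reads only forwarding and allow lines and does not evaluate deny rules.

```python
import re

# Constructed sample configs (addresses are placeholders, not from the thread).
WEAK = """\
# listens on every interface, no allow rule: anyone can relay through it
0.0.0.0 25 203.0.113.25 25
"""
HARDENED = """\
# global rule (before the first forwarding rule): only LAN clients may connect
allow 192.168.0.*
# listen on the internal interface only
192.168.0.1 25 203.0.113.25 25
"""

# rinetd forwarding rule: bindaddress bindport connectaddress connectport
FORWARD = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)$")

def audit(conf_text):
    """Return a list of (line_no, finding) for risky forwarding rules."""
    global_allow, rules = [], []   # rules: [line_no, bind_addr, port, own_allow]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        if words[0] == "allow" and len(words) == 2:
            # allow before any forwarding rule is global, afterwards per-rule
            (rules[-1][3] if rules else global_allow).append(words[1])
        elif FORWARD.match(line):
            rules.append([no, words[0], int(words[1]), []])
    findings = []
    for no, bind, port, own_allow in rules:
        if not global_allow and not own_allow:
            findings.append((no, f"port {port}: no allow rule, any source may connect"))
        if bind == "0.0.0.0":
            findings.append((no, f"port {port}: bound to all interfaces, including external"))
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```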
participants (3): Alexander Gretha, Dirk Borchers, Joerg Henner