-----BEGIN PGP SIGNED MESSAGE----- Hello , I'm trying to set up my firewall as my primary POP and SMTP box (VERY small LAN). On my internal server box (192.168.1.2) I have sent mail to my username@domain but got the following in my firewall log. Can someone help me figure out how to tell the firewall to allow this connection? In a similar vein, can someone suggest how to tell my firewall to redirect requests from inside to the masqueraded/port-forwarded location? Thanks May 20 16:09:50 gvantass kernel: SuSE-FW-NO_ACCESS_INT->FWEXT IN=eth1 OUT= MAC=00:a0:c9:1e:9d:73:00:60:08:93:a8:a1:08:00 SRC=192.168.1.2 DST=XXX.XXX.XXX.XXX LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61923 DF PROTO=TCP SPT=41027 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A037C30320000000001030300) - -- Best regards, Geordon mailto:gvantass@interaccess.com PGP Key ID: 0xFCF06B79 Your Fortune ==> "He who can, does. He who cannot, teaches." (George Bernard Shaw) ��h�� -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i iQEVAwUBPOlu0t77fDX88Gt5AQELGAf+MCairRjPsNGJM7n4LmoIaAA4SPB4tili l/hV6QtFU0tx7bPrFOShT3Dcg4I/wTv0QH0iCQMfdgkDlARRrzMFGWqZUw3cSGQp 5OWUHmJ+W4cG+cfZbySqRRZche6Kw0f5VJyJ2d2CjLdCvhn6R6iDrs0Cmu8bZbPN uIgQ8/UdVZ7hHxlLQSuHEPhzO45cHV48G+dp/HThuopqeJuKRvW62Aaib6DVZw79 SHHYbg2d9/WK/JxQq8yvdW5CoE52PFxG2NFZy5qKdZ5ZlV0p7dKRaAvXQK8rPE51 DImVEYKiiOdwZkADUrpHfKrUuqW9ZZw8ap25yX20yhWT/RfnMyz5EQ== =IQ0H -----END PGP SIGNATURE-----
use your internal ip in smtp and pop3 settings on your mail client. 192.168.1.2 don't use domain name. or you have to edit your firewall to allow traffic from eth1 to eth0 using custom rules. If you look in archives there were a lot of posts about this. On Monday 20 May 2002 14:46, Geordon VanTassle wrote:
Hello ,
I'm trying to set up my firewall as my primary POP and SMTP box (VERY small LAN). On my internal server box (192.168.1.2) I have sent mail to my username@domain but got the following in my firewall log. Can someone help me figure out how to tell the firewall to allow this connection? In a similar vein, can someone suggest how to tell my firewall to redirect requests from inside to the masqueraded/port-forwarded location?
Thanks
May 20 16:09:50 gvantass kernel: SuSE-FW-NO_ACCESS_INT->FWEXT IN=eth1 OUT= MAC=00:a0:c9:1e:9d:73:00:60:08:93:a8:a1:08:00 SRC=192.168.1.2 DST=XXX.XXX.XXX.XXX LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61923 DF PROTO=TCP SPT=41027 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A037C30320000000001030300)
-- Alex Levit Senior Network Engineer Kel-Tek Inc. TEL: 626-571-6927 FAX: 626-571-8794 'Alex@kel-tek.com'
hello, try this in /sbin/SuSEfirewall2:686 (Section: Anti Spoofing/Circumvention protection - interface dependent, under for IP in $DEV_EXT; do) $IPTABLES -A INPUT -i $DEV -s 192.168.1.2 -d $IP -j "$ACCEPT" ciao thomas Am Mon, 2002-05-20 um 23.46 schrieb Geordon VanTassle:
-----BEGIN PGP SIGNED MESSAGE-----
Hello ,
I'm trying to set up my firewall as my primary POP and SMTP box (VERY small LAN). On my internal server box (192.168.1.2) I have sent mail to my username@domain but got the following in my firewall log. Can someone help me figure out how to tell the firewall to allow this connection? In a similar vein, can someone suggest how to tell my firewall to redirect requests from inside to the masqueraded/port-forwarded location?
Thanks
May 20 16:09:50 gvantass kernel: SuSE-FW-NO_ACCESS_INT->FWEXT IN=eth1 OUT= MAC=00:a0:c9:1e:9d:73:00:60:08:93:a8:a1:08:00 SRC=192.168.1.2 DST=XXX.XXX.XXX.XXX LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61923 DF PROTO=TCP SPT=41027 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A037C30320000000001030300)
- -- Best regards, Geordon mailto:gvantass@interaccess.com PGP Key ID: 0xFCF06B79 Your Fortune ==> "He who can, does. He who cannot, teaches." (George Bernard Shaw) ðhÍ
-----BEGIN PGP SIGNATURE----- Version: PGP 6.5i
iQEVAwUBPOlu0t77fDX88Gt5AQELGAf+MCairRjPsNGJM7n4LmoIaAA4SPB4tili l/hV6QtFU0tx7bPrFOShT3Dcg4I/wTv0QH0iCQMfdgkDlARRrzMFGWqZUw3cSGQp 5OWUHmJ+W4cG+cfZbySqRRZche6Kw0f5VJyJ2d2CjLdCvhn6R6iDrs0Cmu8bZbPN uIgQ8/UdVZ7hHxlLQSuHEPhzO45cHV48G+dp/HThuopqeJuKRvW62Aaib6DVZw79 SHHYbg2d9/WK/JxQq8yvdW5CoE52PFxG2NFZy5qKdZ5ZlV0p7dKRaAvXQK8rPE51 DImVEYKiiOdwZkADUrpHfKrUuqW9ZZw8ap25yX20yhWT/RfnMyz5EQ== =IQ0H -----END PGP SIGNATURE-----
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (3)
-
Alex Levit
-
Geordon VanTassle
-
Thomas Keuscher