Help please ! Is anyone trying to do this, or am I the only one? +----------------+ | Internet Users | <- Need to get mail from private pop3 server +-------+--------+ | +-------+--------+ | | DMZ +----------------+ +-----------------+ | Firewall +-----+ 192.168.1.0/24 +--+ Mail Server | | | +----------------+ | Pvt:192.168.1.3 | +-------+--------+ | Pub:66.8.34.163 | | +-----------------+ +-------+--------+ | 10.0.0.0/24 | <- Pvt user subnet +-------+--------+ | +-------+--------+ | LAN Users | <- Need smtp and pop3 access to mail server in DMZ +----------------+ Can anyone tell me what rules I need to put in place to get this working? Ray Ray Leach wrote:
Hi
Can anyone assist me in redirecting smtp and pop3 through a firewall to a mail server on a private network?
I have been trying to get this right for a few days now.
I'm using iptables and kernel 2.4.10.
These are my rules:
# pop3 forwarding $IPTABLES -t nat -A PREROUTING -i $IFACE_INET -p tcp -d $IP_INET_MAIL --dport 110 -j DNAT --to 192.168.1.4:110 $IPTABLES -A INPUT -i $IFACE_INET -p tcp -d $NET_DMZ --dport 110 -j ACCEPT $IPTABLES -A FORWARD -i $IFACE_INET -p tcp -d $NET_DMZ --dport 110 -j ACCEPT
# smtp forwarding $IPTABLES -t nat -A PREROUTING -i $IFACE_INET -p tcp -d $IP_INET_MAIL --dport 25 -j DNAT --to 192.168.1.4:25 $IPTABLES -A INPUT -i $IFACE_INET -p tcp -d $NET_DMZ --dport 25 -j ACCEPT $IPTABLES -A FORWARD -i $IFACE_INET -p tcp -d $NET_DMZ --dport 25 -j ACCEPT
What am I missing?
I have set LOG rules to watch for dropped packets and I used netstat on the mail server to check for incoming connections on these ports, but so far no luck ...
Ray -- ---------------------------------------------------------------------- Raymond Leach Cell:+27-82-416-1410 Tel:+27-11-444-5006 Fax:+27-11-444-5007 eMail:raymondl@knowledgefactory.co.za www:http://www.knowledgefactory.co.za "No matter where you go, there you are ..." ----------------------------------------------------------------------
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ---------------------------------------------------------------------- Raymond Leach Cell:+27-82-416-1410 Tel:+27-11-444-5006 Fax:+27-11-444-5007 eMail:raymondl@knowledgefactory.co.za www:http://www.knowledgefactory.co.za "No matter where you go, there you are ..." ----------------------------------------------------------------------