either set FW_PROTECT_FROM_INTERNAL="no" or add ports 25 and 110 to FW_SERVICES_INTERNAL_TCP
Nice try, but totally insecure! FW_SERVICES_INTERNAL_TCP opens ports on the firewall. As I understood, the mailserver is not on the firewall!

#9.)
FW_SERVICES_EXTERNAL_TCP=""
FW_SERVICES_EXTERNAL_UDP=""
FW_SERVICES_INTERNAL_TCP="22 25 110"
FW_SERVICES_INTERNAL_UDP=""

Open ssh, smtp and pop on firewall. Change rules in 10.) to the following:

#10.)
FW_TRUSTED_NETS="10.0.0.0/24"
FW_SERVICES_TRUSTED_TCP="22 25 110"

This allows only access from internal and only from IP 10.0.0.0 .. 255

#11.)
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"

If this is a firewall on which access should be allowed to the outside world, you better say here "Yes". This allows connections to internal IPs from external requests (e.g.: TCP: www (www.freenet.de) -> 2345 (10.0.0.x)). This is independent from the firewall!

#14.)
FW_FORWARD_MASQ_TCP="w.x.y.z,10.0.0.102,25 w.x.y.z,10.0.0.102,110 w.x.y.z,10.0.0.102,143 w.x.y.z,10.0.0.102,80"

Forwards IP 10.0.0.102 to smtp, pop3, imap, www from IP w.x.y.z to allow server service over masquerading.

You use SuSEfirewall and not SuSEfirewall2 (ipchains instead of iptables). If you want more protocols to be supported, update to kernel 2.4.? and install SuSEfirewall2 and iptables. Iptables can do NAT (Network Address Translation), ipchains can do masquerading only (not all protocols supported, e.g. Netmeeting). Masquerading cannot do Netmeeting, ... NAT can do these protocols.

Check for updates on http://www.suse.de/~marc/SuSE.html if you use an older distribution of SuSE!

Philippe
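
Added example, not part of the original message and not SuSE's own tooling: a small shell check that reads a firewall config and reports TCP ports that are opened on the firewall itself through FW_SERVICES_INTERNAL_TCP although FW_FORWARD_MASQ_TCP forwards them to an internal host. The sample file is constructed from the values quoted in the message, and the reading of each forward entry as "source,target,port" is an assumption taken from the description above; the function names are hypothetical.

```shell
#!/bin/sh
# Audit sketch for the SuSEfirewall variables discussed in the thread.

# get_var FILE NAME: print the quoted value of NAME (last assignment wins).
# The file is parsed with sed, never sourced, so nothing in it is executed.
get_var() {
  sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1" | tail -n 1
}

# forwarded FILE: one "port target source" line per FW_FORWARD_MASQ_TCP entry.
# Assumption: each entry has the form source,target,port.
forwarded() {
  get_var "$1" FW_FORWARD_MASQ_TCP | tr ' ' '\n' |
    awk -F, 'NF == 3 { print $3, $2, $1 }'
}

# misplaced_ports FILE: ports listening on the firewall for the internal
# network that are also forwarded to another machine. Such a port is open
# on the firewall host without any service there needing it.
misplaced_ports() {
  fwd=$(forwarded "$1")
  for p in $(get_var "$1" FW_SERVICES_INTERNAL_TCP); do
    printf '%s\n' "$fwd" |
      awk -v p="$p" '$1 == p { print p " open on firewall, but forwarded to " $2 }'
  done
}

# Constructed sample config (values copied from the message, w.x.y.z kept as is).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
FW_SERVICES_EXTERNAL_TCP=""
FW_SERVICES_INTERNAL_TCP="22 25 110"
FW_FORWARD_MASQ_TCP="w.x.y.z,10.0.0.102,25 w.x.y.z,10.0.0.102,110 w.x.y.z,10.0.0.102,143 w.x.y.z,10.0.0.102,80"
EOF

misplaced_ports "$SAMPLE_CONF"
```

On the sample it flags ports 25 and 110 and leaves 22 alone, since ssh is not forwarded anywhere.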