
debian-firewall: how do I let SMTP through with ipmasq ??



Hello,

I'm running a debian firewall with ipmasq.  It is permanently connected
to an ISP via PPP and I have a static IP address.  I'm running potato
with kernel 2.2.17 on an Intel P133 machine.

My statically assigned IP address is A.B.C.D which is on the firewall on
interface ppp0.
The internal IP address of the firewall is 192.168.0.2.
My mail server will run on an internal machine with an IP of 192.168.0.5

I have read the ipmasq and ipmasq-rule man pages as well as the Linux IP
Masquerade and Linux IP Chains HOWTOs.  It's all a little overwhelming
at the moment but the basic idea is to let all SMTP traffic through the
firewall and redirect it to the mail server, i.e. forward all traffic
destined to A.B.C.D:25 to 192.168.0.5:25

I think the IPCHAIN command would be something like this.
"ipchains -A forward -j MASQ -i eth0 -s A.B.C.D/32 25:25 -d
192.168.0.5/32 25:25"
Is this correct ?

Do I need an "ipchains -A input" command too, or will one "ipchains -A
forward" command do the job ?

Do I need a connection/mapping in the reverse direction too ?

Is the "-i eth0 redundant" if I have "-s" *and* "-d" arguments ?

Does the "-s ip/nm" mean the source ip address of the packet *or* the
destination ip address of the incoming packet ?
Similarly, does the "-d ip/nm" mean the destination ip address of the
packet *or* the destination to route/forward the packet to ?

Once I have the correct IPCHAINS command, I need to put it somewhere.
From what I can figure out, I need to put a .rul file in
/etc/ipmasq/rules.  Is that correct ?

Do I create a new .rul file or copy one of the .def to a .rul.
Which one would I need to copy ?
I assume getting the order would be important but I'm not sure where it
should go.

Thanks heaps for any advice,
Brendan Simon.



