
Re: port forward to MS Exchange IMAP

> Maybe I'm missing something, but shouldn't you also mark (-m 1) packets
> without the SYN flag set, else only the connection initiation will be
> inside. E.g.:
> ipchains -A input -p tcp -d 143 -m 1

No, mfw sets up forwarding based on initial connections.  I do tunnel imap;
these are segments of the code I use to set it up.  I read the HOWTOs
carefully and picked up the ip_masq modules:

depmod -a
modprobe ip_masq_ftp

# Initialise chains and forwarding
ipchains -F input
ipchains -F forward
ipchains -P forward DENY
ipchains -F output
ipmasqadm autofw -F
ipmasqadm portfw -f
ipmasqadm mfw -F

# Enable Anti-Spoof protection - sets source route verification
for f in all default eth0 lo; do
    echo 1 > /proc/sys/net/ipv4/conf/$f/rp_filter
done
# Disable on internal interfaces, as we can have asymmetric routing
for f in eth1 eth2; do
    echo 0 > /proc/sys/net/ipv4/conf/$f/rp_filter
done

# MASQ timeouts
# 2   hrs timeout for TCP sessions
# 10  sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
ipchains -M -S 7200 10 160

# Forward wye's Perimeter net imap2 port onto phoenix in server net
# Redirect imap to phoenix's imap2 port
ipchains -A forward -p tcp -s $phoenix_host imap2 -d ! $perimeter_net -j
ipchains -A input -p tcp -y -d $wye_180_host imap2 -m 143
ipmasqadm mfw -A -m 143 -r $phoenix imap2

Perhaps something there was missing in the original questioner's script.
Surely, if he checks over it, there'll be a mistake; usually I screwed up the
ports and the mark numbers.  Other possibilities are the rule chains, hosts
and masks, and loading the modules.
