Re: port forward to MS Exchange IMAP

["Robert Davies" <Rob_Davies@NTLWorld.Com>]

> Maybe, I'm missing something but shouldn't you also mark (-m 1) packets
> without the SYN flag set, else only connection initiation will be
forwarded
> inside. E.g.:
> ipchains -A input -p tcp -d 208.145.27.210/32 143 -m 1

No mfw sets up forwarding based on initial connections.  I do tunnel imap,
this is segments of the code I use to set it up.  I read the HOWTOs
carefully and picked up the ip_masq modules :

depmod -a
modprobe ip_masq_ftp

# Initialise chains and forwarding
ipchains -F input
ipchains -F forward
ipchains -P forward DENY
ipchains -F output
ipmasqadm autofw -F
ipmasqadm portfw -f
ipmasqadm mfw -F

# Enable Anti-Spoof protection - sets source route verification
for f in all default eth0 lo
do
    echo 1 > /proc/sys/net/ipv4/conf/$f/rp_filter
done
# Disable on internal interfaces, as we can have asymmetric routing
for f in eth1 eth2
do
    echo 0 > /proc/sys/net/ipv4/conf/$f/rp_filter
done

#
# MASQ timeouts
#
# 2   hrs timeout for TCP sessions
# 10  sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
ipchains -M -S 7200 10 160


# Forward wye's Perimeter net imap2 port onto phoenix in server net
phoenix=10.243.1.10
phoenix_host=${phoenix}/32

wye_180=
wye_180_host=${wye_180}/32

# Redirect imap to phoenix's imap2 port
ipchains -A forward -p tcp -s $phoenix_host imap2 -d ! $perimeter_net -j
MASQ
ipchains -A input -p tcp -y -d $wye_180_host imap2 -m 143
ipmasqadm mfw -A -m 143 -r $phoenix imap2

Perhaps something there was missing in the original questioners script.
Sure if he checks over it, there'll be a mistake, usually I screwed up the
ports, and the mark numbers.  Other possibilities are the rule chains, hosts
and masks, and loading the modules.

Rob