
Re: Debian Firewall



On 30 Mar 2005, Matthew Palmer wrote:
> On Wed, Mar 30, 2005 at 03:25:08PM +0600, Suranga Kasturiarachchi wrote:
>> Dear all,
>>
>> I have two networks, one is 192.168.1.X and the other is 202.51.140.X. The
>> 202.51.140.X is the internet network. 192.168.1.X is the users' computers.
>> Sometimes I need to allow users to access their outside POP mail servers
>> through the 192.168.1.X network; please help me on this matter and how I
>> need to configure the firewall. My Debian woody PC has two network
>> interfaces (eth0 and eth1), one connected to the 192.168.1.X network and
>> the other connected to the 202.51.140.X network.
>
> Put the POP server in a DMZ. If that's not possible, port forward 110 from
> the gateway machine to the internal POP server.
>
> $IPTABLES -t nat -A PREROUTING -p tcp --dport 110 -d 202.51.140.X \
> 	-j DNAT --to-destination 192.168.1.X:110
>
> You definitely want to implement a DMZ if at all possible, though.

This is good advice.  If you want something that takes some of the hard
work out of getting a firewall configured, you might consider the
'firehol' package.

It can do a lot of the hard work, allowing you to focus on things like
saying "server pop allow" rather than talking iptables directly.

       Daniel
-- 
If legendary shlockmeister Ed Wood made a movie about a vampire, it probably
would look a lot like this alarming production, adapted from Anne Rice's novel
The Vampire Chronicles.
        -- Bruce Newman, _San Jose Mercury News_
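
The two POP3 cases raised in this thread, written out as plain iptables rules (an added example, not part of the original messages): LAN clients reaching POP3 servers outside, and the quoted port forward to a POP3 server on the LAN. The interface roles (eth0 = LAN, eth1 = Internet), the /24 netmask, the default-drop FORWARD policy and the function names are assumptions; DNS for the clients is not covered.

```shell
#!/bin/sh
# Added example: emits iptables rules for the two POP3 cases in this thread.
# Assumptions (not from the thread): eth0 is the LAN side, eth1 the Internet
# side, the LAN is a /24, and FORWARD should default to DROP.
IPTABLES=${IPTABLES:-/sbin/iptables}

# Case 1: LAN clients reach POP3 servers outside (the original question).
# Only new TCP/110 connections from the LAN are forwarded; replies are
# matched by connection state, and the LAN source address is masqueraded.
# usage: pop3_outbound LAN_IF WAN_IF LAN_NET
pop3_outbound() {
    cat <<EOF
$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $1 -o $2 -s $3 -p tcp --dport 110 -m state --state NEW -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $2 -s $3 -j MASQUERADE
EOF
}

# Case 2: outside clients reach a POP3 server on the LAN (the port forward
# in the quoted reply). DNAT only rewrites the destination; the FORWARD
# chain must still accept the rewritten packet. Replies rely on the
# ESTABLISHED,RELATED rule from case 1.
# usage: pop3_inbound WAN_IF PUBLIC_IP SERVER_IP
pop3_inbound() {
    cat <<EOF
$IPTABLES -t nat -A PREROUTING -i $1 -p tcp -d $2 --dport 110 -j DNAT --to-destination $3:110
$IPTABLES -A FORWARD -i $1 -d $3 -p tcp --dport 110 -m state --state NEW -j ACCEPT
EOF
}

# Dry run by default: print the case 1 rules. Set APPLY=1 (as root) to
# enable forwarding and load them.
if [ "${APPLY:-0}" = 1 ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    pop3_outbound eth0 eth1 192.168.1.0/24 | sh
else
    pop3_outbound eth0 eth1 192.168.1.0/24
fi
```

Review the printed rules before running with APPLY=1; the default-drop FORWARD policy blocks every other forwarded protocol until it is explicitly allowed.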


