[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Firewall

On 30 Mar 2005, Matthew Palmer wrote:
> On Wed, Mar 30, 2005 at 03:25:08PM +0600, Suranga Kasturiarachchi wrote:
>> Dear all,
>> I have two network, one is 192.168.1.X and other is 202.51.140.X. the
>> 202.51.140.X is internet network. 192.168.1.X is users computers.
>> sometimes I need to allow users to access there out side pop mail servers
>> through the 192.168.1.X network, please help me on this matter and how I
>> need to configure the firewall. My Debian woody PC have two network
>> interfaces(eth0 and eth1) and one connected to 192.168.1.X network and
>> other connected to 202.51.140.X network.
> Put the POP server in a DMZ. If that's not possible, port forward 110 from
> the gateway machine to the internal POP server.
> $IPTABLES -t nat -A PREROUTING -p tcp --dport 110 -d 202.51.140.X --to
> 	192.168.1.X:110
> You definitely want to implement a DMZ if at all possible, though.

This is good advice.  If you want something that takes some of the hard
work out of getting a firewall configured, you might consider the
'firehol' package.

It can do a lot of the hard work, allowing you to focus on things like
saying "server pop allow" rather than talking iptables directly.

If legendary shlockmeister Ed Wood made a movie about a vampire, it probably
would look a lot like this alarming production, adapted from Anne Rice's novel
The Vampire Chronicles.
        -- Bruce Newman, _San Jose Mercury News_

Reply to: