
Forwarding data

I have a couple of questions, but first I'll describe my simple setup. I have a Debian Etch gateway with two NICs: eth0 (LAN), eth0:1 (DMZ), eth1 (input from ISP router). I've pasted part of my firewall script here: http://pastebin.ca/1066314. I left out the variable definitions and cut down on all the different rules.

Q1) When I access my webserver in the DMZ from the LAN, I can't see the source address in the webserver's log; I only get (DMZ gateway address). The same happens vice versa, and it's a problem due to ACLs etc. The strange thing is that it used to work, the source address appeared, but unfortunately it stopped. I don't know what I've done, because the firewall script still has the same rules.

Q2) I would like to have a mail server in the DMZ, but for now I only have a working smtp-server. Because of SORBS and reverse lookup I'm forced to relay my mails through my ISP's smtp server, and that's no problem as long as I only have the smtp-setup. But as soon as I redirect port 25 down to the mail server in the DMZ to receive mails, Postfix reports a mail loop. That also happens only when I use Postfix for smtp. I can't see why I can't redirect the port. Perhaps because my ISP answers on port 25, which redirects to my smtp-server. Am I missing something, or is there a workaround?

Q3) I always prefer to only open the ports I need, but with SopCast (video streaming network) I have a "problem". SopCast connects on 2-3 specific ports, but when it comes to streaming the video it uses ports from 32000 and up (as a new connection). What do you normally do in those cases: open all the ports, because it makes no real difference?
