Re: Forwarding data
On Wed, Jul 09, 2008 at 07:09:20AM +0200, Lars wrote:
> Q2) I would like to have a mail server in DMZ, but for now I only got a
> working smtp-server. Because of sorbs and reverse lookup I'm forced to
> relay my mails through my ISP's smtp server and that's no problem as
> long as I only have the smtp-setup. But as soon as I redirect port 25
> down to the mail server in DMZ to receive mails Postfix reports a
> mail loop. That also happens only when I use Postfix for smtp.
> I can't see why I can't redirect the port. Perhaps because my ISP answers
> on port 25 which redirects to my smtp-server. Am I missing something or
> is there a work-around?
Looks to me like the mailserver's outgoing SMTP connections are redirected
back to itself due to your forwarding of port 25. Make sure that the rule
that does the port-forwarding applies only to connections from outside.
> Q3) I always prefer to only open the ports I need, but with SopCast
> (video streaming network) I got a "problem". SopCast connects on 2-3
> specific ports, but when it comes to streaming the video it uses from
> port 32000 and up (as a new connection). What do you normally do in
> those cases, open all the ports, because it makes no real difference?
If you plan to use P2P apps you cannot 'default-deny' ports in general.
You could place a P2P host in the DMZ and connect to that from your
internal clients, thus using the DMZ host as proxy. This doesn't work
for most filesharing P2P networks, but SopCast might support it.
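
Added example, not part of the original thread: a check for the Q2 advice that the port-25 forwarding rule should apply only to connections from outside. It assumes a Linux netfilter firewall whose rules are dumped with iptables-save; the interface name eth0 and all addresses in the sample are constructed.

```shell
#!/bin/sh
# Flag nat-table PREROUTING rules that DNAT/REDIRECT TCP port 25 without
# limiting them by incoming interface (-i) or original destination (-d).
# A rule with neither also matches the DMZ mail server's own outbound SMTP
# connections to the ISP relay and sends them back to the mail server,
# which is what Postfix reports as a mail loop.
# Heuristic only: it checks that -i or -d is present, not that the value
# really is the external interface or the firewall's external address.
audit_smtp_forward() {
    while IFS= read -r rule; do
        padded=" $rule "
        case "$padded" in " -A PREROUTING "*) ;; *) continue ;; esac
        case "$padded" in *" --dport 25 "*) ;; *) continue ;; esac
        case "$padded" in *" -j DNAT "*|*" -j REDIRECT "*) ;; *) continue ;; esac
        case "$padded" in
            *" -i "*|*" -d "*) echo "scoped:   $rule" ;;
            *)                 echo "UNSCOPED: $rule" ;;
        esac
    done
    return 0
}

# Constructed sample in iptables-save format (assumed setup: eth0 is the
# external interface, 192.168.2.10 is the mail server in the DMZ).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.2.10:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.2.10:25
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.20:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# On a live firewall, feed it the real dump instead: iptables-save | audit_smtp_forward
printf '%s\n' "$SAMPLE_RULES" | audit_smtp_forward
```
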