Hanasaki JiJi wrote:
Working on running an SMTP server inside the firewall that takes
incoming SMTP traffic from outside the firewall. The below rules are
not working. The firewall refuses connections. Any input on what's wrong?
Thanks,
internal mailserver = 192.168.1.2
#$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp \
#-s 0/0 \
#--dport smtp -j DNAT --to-destination 192.168.1.2:25
#$PROG -A FORWARD -i $NIC_EXTERNAL -s 0/0 \
#-o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport smtp \
#-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$PROG -A FORWARD -i $NIC_INTERNAL -s 192.168.1.2 \
#-o $NIC_EXTERNAL -d 0/0 -p tcp \
#-m state --state ESTABLISHED,RELATED -j ACCEPT
The rules themselves look OK (except for the fact that they are commented
out) but note that the order in which you specify firewall rules to
iptables is important; perhaps you have previously specified another
rule that blocks the incoming packets?
Are you sure that the SMTP server can receive incoming traffic from the
firewall? Perhaps its own firewall blocks the traffic?
I'm not sure about the ":25" you've put after the server's address in
the "--to-destination" parameter for the DNAT target; the iptables
manpage specifies that this should be a port range (e.g. not a single
port) if you want to perform port shifting along with the destination
address translation. Since you don't want to do that (you want to keep
the traffic on port 25), I suggest you remove it.
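The ordering problem raised in the reply can be checked mechanically. The script below is an added example, not code from either poster: it takes the FORWARD chain in the one-rule-per-line form printed by `iptables -S FORWARD`, finds the first DROP/REJECT rule and the first rule that accepts tcp/25 to the mail server, and reports whether the SMTP ACCEPT is reachable or shadowed. The two rule dumps, the interface names eth0/eth1, and the helper names are constructed for the example; only the mail server address 192.168.1.2 comes from the thread. It also prints the poster's three rules uncommented, using `-I FORWARD 1` so the accepts land ahead of any existing DROP, and without the ":25" suffix on the DNAT target since the port is not being changed. Nothing is applied to a live firewall; the output is meant to be reviewed first.

```shell
#!/bin/sh
# Added example: detect an SMTP ACCEPT rule shadowed by an earlier DROP/REJECT
# in the FORWARD chain. Input format is that of `iptables -S FORWARD`.

# Constructed dump: a catch-all DROP sits before the SMTP ACCEPT, so DNATed
# SMTP packets are dropped before they reach the rule meant to accept them.
BAD_FORWARD='-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -i eth0 -o eth1 -d 192.168.1.2/32 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT'

# Constructed dump with the same rules in a working order.
GOOD_FORWARD='-A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 192.168.1.2/32 -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -j DROP'

# Print the 1-based position of the first DROP/REJECT rule in the chain, 0 if none.
first_terminating_rule() {
  printf '%s\n' "$1" | awk '
    /^-A FORWARD / { n++; if ($0 ~ /-j (DROP|REJECT)( |$)/) { print n; found = 1; exit } }
    END { if (!found) print 0 }'
}

# Print the position of the first rule accepting tcp/25 to the mail server, 0 if none.
# $2 is the server address; `iptables -S` prints it with a /32 suffix, a hand-written
# script usually without, so both spellings are matched.
smtp_accept_rule() {
  printf '%s\n' "$1" | awk -v srv="${2:-192.168.1.2}" '
    /^-A FORWARD / {
      n++
      if ((index($0, "-d " srv "/32 ") || index($0, "-d " srv " ")) &&
          $0 ~ /--dport (25|smtp)( |$)/ && $0 ~ /-j ACCEPT( |$)/) { print n; found = 1; exit }
    }
    END { if (!found) print 0 }'
}

# Exit 0 when the SMTP ACCEPT exists and precedes every terminating rule.
smtp_reachable() {
  acc=$(smtp_accept_rule "$1" "$2")
  drop=$(first_terminating_rule "$1")
  if [ "$acc" -gt 0 ] && { [ "$drop" -eq 0 ] || [ "$acc" -lt "$drop" ]; }; then
    return 0
  fi
  return 1
}

# Emit the poster's rules, uncommented and parameterised (external NIC,
# internal NIC, server). Printed for review, not executed.
smtp_forward_rules() {
  ext=$1; int=$2; srv=$3
  printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 25 -j DNAT --to-destination %s\n' "$ext" "$srv"
  printf 'iptables -I FORWARD 1 -i %s -o %s -d %s -p tcp --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\n' "$ext" "$int" "$srv"
  printf 'iptables -I FORWARD 1 -i %s -o %s -s %s -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$int" "$ext" "$srv"
}

if smtp_reachable "$BAD_FORWARD"; then
  echo "bad dump: SMTP ACCEPT reachable (unexpected)"
else
  echo "bad dump: SMTP ACCEPT at rule $(smtp_accept_rule "$BAD_FORWARD") is shadowed by rule $(first_terminating_rule "$BAD_FORWARD")"
fi
if smtp_reachable "$GOOD_FORWARD"; then
  echo "good dump: SMTP ACCEPT reachable"
fi
echo "rules to apply (review before running as root):"
smtp_forward_rules eth0 eth1 192.168.1.2
```

On the real firewall, replace the constructed dumps with `iptables -S FORWARD` output; if the check reports the accept as shadowed, the fix is to insert it above the terminating rule rather than append it, which is what the `-I FORWARD 1` form of the rules does.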