Re: iptables forwarding to inside firewall
> Working on running a SMTP server inside the firewall that takes incoming
> working. The firewall refuses connections. Any input on what wrong?
>
> Thanks,
>
> internal mailserver = 192.168.1.2
>
> #$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp \
> #-s 0/0 \
> #--dport smtp -j DNAT --to-destination 192.168.1.2:25
this rule looks fine...
you might want to replace the ip with $SMTP_HOST where
SMTP_HOST=192.168.1.2
>
> #$PROG -A FORWARD -i $NIC_EXTERNAL -s 0/0 \
> #-o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport smtp \
> #-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
I guess you won't need RELATED if you don't want your server to start a
new connection... there's either a new request for a connection or an
established connection
>
> #$PROG -A FORWARD -i $NIC_INTERNAL -s 192.168.1.2 \
> #-o $NIC_EXTERNAL -d 0/0 -p tcp \
> #-m state --state ESTABLISHED,RELATED -j ACCEPT
I'd add a --sport 25 to this rule...
Are you sure, this is your firewall refusing the connection?
I'm really just beginning to work with iptables but from what I know
or understand this is correct...
Have you tried some extra logging? Where don't the packages go through?
>
There's a great tutorial covering iptables:
http://iptables-tutorial.frozentux.net
Gruss,
Horst.
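As an added example (not from either poster), the complete rule set discussed in this thread, including the --sport 25 restriction and the logging rule suggested in the reply, written as a function that emits the commands so they can be reviewed before being run as root. Interface names, the LAN address, the LOG prefix and the PROG default are assumptions.

```shell
# Assumed defaults; override them in the environment when running for real.
PROG="${PROG:-iptables}"
NIC_EXTERNAL="${NIC_EXTERNAL:-eth0}"
NIC_INTERNAL="${NIC_INTERNAL:-eth1}"
SMTP_HOST="${SMTP_HOST:-192.168.1.2}"

# Emits (does not execute) the rules needed to forward inbound SMTP to
# the internal mail server. Pipe the output to "sh" as root to apply it.
smtp_forward_rules() {
    # Without routing enabled, DNATed packets never reach the FORWARD chain.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 1. nat/PREROUTING: rewrite the destination of inbound port 25 traffic.
    echo "$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp --dport 25" \
         "-j DNAT --to-destination $SMTP_HOST:25"
    # 2. FORWARD, outside -> inside: new and established connections only.
    #    -A appends, so this must come before any catch-all REJECT/DROP rule
    #    in FORWARD or it is never reached (a common cause of "refused").
    echo "$PROG -A FORWARD -i $NIC_EXTERNAL -o $NIC_INTERNAL -d $SMTP_HOST" \
         "-p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT"
    # 3. FORWARD, inside -> outside: replies from the server, source port 25.
    echo "$PROG -A FORWARD -i $NIC_INTERNAL -o $NIC_EXTERNAL -s $SMTP_HOST" \
         "-p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT"
    # 4. Log SMTP packets that matched nothing above (rate limited), so
    #    the kernel log shows where the packets stop.
    echo "$PROG -A FORWARD -p tcp --dport 25 -m limit --limit 5/min" \
         "-j LOG --log-prefix 'SMTP-FWD-DROP: '"
}

# Number of iptables commands emitted (the sysctl line is not counted).
smtp_forward_rule_count() {
    smtp_forward_rules | grep -c "^$PROG "
}

smtp_forward_rules
```

Run `dmesg | grep SMTP-FWD-DROP` after a failed connection to see the dropped packets the LOG rule recorded.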