
Re: iptables forwarding to inside firewall





I think you must check your default policies. Besides, you should
check the traffic from within your mail server with a tool such as snort
or tcpdump and try logging your rules with the -j LOG match.

Hanasaki JiJi <hanasaki@hanaden.com> writes:

> Working on running an SMTP server inside the firewall that takes
> incoming SMTP traffic from outside the firewall.  The below rules are
> not working.  The firewall refuses connections.  Any input on what is
> wrong?
>
> Thanks,
>
> internal mailserver = 192.168.1.2
>
>
>
> #$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp \
>          #-s 0/0 \
>          #--dport smtp -j DNAT --to-destination 192.168.1.2:25
>
> #$PROG -A FORWARD -i $NIC_EXTERNAL -s 0/0 \
>          #-o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport smtp \
>          #-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> #$PROG -A FORWARD -i $NIC_INTERNAL -s 192.168.1.2 \
>          #-o $NIC_EXTERNAL -d 0/0 -p tcp \
>          #-m state --state ESTABLISHED,RELATED -j ACCEPT
>
>

- -- 
Andres Roldan 
CSO, Fluidsignal Group S.A.

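Added example, not part of the original thread: one way to do the default-policy check suggested in the reply is to audit `iptables-save` output for the DNAT rule, a matching FORWARD accept, and the FORWARD chain policy. The function name, the sample dumps and the interface names eth0/eth1 are assumptions made for illustration; rule ordering (an earlier DROP shadowing the accept) is not evaluated.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the DNAT + FORWARD pair.
# Live use (as root): iptables-save | audit_smtp_forward 192.168.1.2 25
audit_smtp_forward() {
    awk -v ip="$1" -v port="$2" '
        /^\*/ { table = substr($0, 2) }                   # table header line
        { line = $0 " " }                                 # pad so tokens end in a space
        table == "filter" && /^:FORWARD / { policy = $2 } # chain default policy
        table == "nat" && /^-A PREROUTING / && /-j DNAT / &&
            index(line, "--to-destination " ip ":" port " ") { dnat = 1 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ &&
            (index(line, "-d " ip " ") || index(line, "-d " ip "/32 ")) &&
            index(line, "--dport " port " ") { fwd = 1 }
        END {
            print "FORWARD policy: " (policy ? policy : "unknown")
            print "DNAT to " ip ":" port ": " (dnat ? "present" : "MISSING")
            print "FORWARD accept: " (fwd ? "present" : "MISSING")
            # Success only if packets are rewritten AND allowed through FORWARD.
            exit !(dnat && (fwd || policy == "ACCEPT"))
        }'
}

# Constructed dump: DNAT is loaded, FORWARD defaults to DROP, no accept rule.
sample_broken() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.2:25
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
EOF
}

# Constructed dump: same policy, with both FORWARD rules from the post loaded.
sample_fixed() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.2:25
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.2/32 -i eth0 -o eth1 -p tcp -m tcp --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.2/32 -i eth1 -o eth0 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_broken | audit_smtp_forward 192.168.1.2 25 || echo "=> forwarded SMTP would be dropped"
```
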