Re: exim & iptables
On Saturday 08 March 2003 07:37, Hal wrote:
> I'm using Woody as a firewall with NAT to protect a small network that
> includes a mail and web server on an unregistered (192.168....)
> network. I'd like to configure the fw so that it can send mail alerts
> to the users via the mail server on the protected net. If I set
> exim.conf to preclude all local machine delivery (i.e. force remote
> delivery), the messages don't get delivered (they are "frozen") since an
> MX lookup by the firewall indicates that the firewall's registered
> address is also the mail server's address. The firewall rules include
> a NAT rule for all smtp traffic to go to the internal server.
>
> Any suggestions on how to tell the firewall to send mail to the
> internal mail server? Is it an exim or firewall config issue?
Good question. I have the exact same problem.
I installed Shorewall which locks things down tight.
I could not even send mail out of my Debian router
until I put the following in my rules:

ACCEPT fw net tcp 25
ACCEPT net fw tcp 25

All my mail gets accepted on my main server at 192.168.1.200
so here is my DNAT rule:

DNAT net loc:192.168.1.200 tcp 22,25,110,80

Sounds like you have this set up already.

This is the mail error I get when I have exim configured as option 1
which is Internet site using eximconfig:

R=lookuphost defer (-1): lowest numbered MX record points to local host

and messages get frozen.

This is the mail error I get when I have exim configured as option 3
which is satellite system using eximconfig:

R=smarthost defer (-1): lookup of host "192.168.1.200" failed in smarthost router

So to answer your question, I personally think it is an Exim configuration
problem. If you figure it out...please let me know as I like to mail all of
my log files on a daily basis.

-Andy