Setting up mail server behind iptables firewall
I'm sure this is covered SOMEWHERE - but I haven't found anything
obvious in the archives / howtos.
I currently have the following configuration:
(please comment if you find this arrangement objectionable in itself!)
Internal LAN - 192.168.0.30 through 192.168.0.50
Dual-Homed Gateway (is that the right term?) -
two NICs - 192.168.0.1 and 192.168.69.2
Dual-Homed Firewall (again, whatcha call it?) -
two NICs - 192.168.69.1 and Internet Static IP
The gateway is set up with entries in the routing table and has
forwarding enabled.
I've set up iptables on the firewall with source NAT and a rule to reject
anything from the outside that isn't the result of a connection. Works fine.
(Actually, I've also had the same iptables script running on the gateway
server - probably overkill)
Postfix is running on the gateway server - works fine.
What do I need to set on the firewall/gateway to make my Postfix server
available to the internet? I've tried:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth1 -j DNAT --to 192.168.69.2:25
BTW - eth1 of the firewall (and gateway too) is the
"dangerous" side (internet) - eth0 is the "safe" (internal).
And variations of the same - but no go. What am I missing?
P.S. How can I test this without an additional internet connection? If
this is working, can I telnet from either the gateway or a LAN
workstation (assuming the gateway is forwarding for that workstation) to
the external static IP address and port?
Daniel