Re: Port forwarding on a NAT firewall
On 2004-07-02, Antony penned:
> Hi all,
>
> If I have a router running iptables with NAT for a private IP network,
> there are two options if I want to have a public email server on the
> private network... 1) Set up an email server on the router that
> relays all mail to the private server.2) Port forward (DNAT) port 25
> to the private server.
>
> I don't like port forwarding, as it's always seemed like a kind of
> bodge, but (2) is quicker and easier to setup. Does (2) have any
> practical negative implications from a security point of view, and
> does anyone have any general views on which solution is better? A
I've been using (2) for quite a while now ... except with a hardware
router rather than iptables. I can't think of any big negatives; it
seems like setting up two email servers just introduce two places to
possibly screw up the configuration and drop mail.
--
monique
Reply to: