Hello!

My firewall has the main IP and some aliases on the Internet interface. I configured one of these aliases with the IP of my mail server and use DNAT to communicate with the LAN. I configured the masq file and the e-mails are being sent with the correct IP. Everything is working fine but...

Now, I want my firewall to also send e-mails with the same alias IP. The firewall is sending e-mails with the main IP of the interface. I don't know where to do this configuration.

Some information:
Internet: eth0
LAN: eth1

Main IP: 201.xx.xx.2
Alias (mail): 201.xx.xx.4

masq file:
eth0:1   eth1   201.xx.xx.4   tcp   smtp
eth0     eth1

Thanks a lot!

[ ]'s

--
Bruno Ayub.

Do you want the firewall to act as a secondary mail server?

Or would you accept just sending mail from the firewall to your main mail server, and letting the main mail server forward it to the desired destination?

The answer to your question is to SNAT to the secondary IP all traffic from <Firewall> with source TCP port 25 to <Any>. Sorry, I do not have time to check what exactly you have to enter in the Shorewall scripts.

Ljubomir

I just want to send some information (logwatch) directly from the firewall to my Gmail. That secondary IP has a reverse name configured using the 201.xx.xx.4 IP. If I could send directly from the firewall with this IP, it isn't necessary to do any configuration on the mail server.

I will read more about SNAT and try some changes.

Thanks!

On Tue, Apr 28, 2009 at 08:47, Ljubomir Ljubojevic <office@plcomputers.net> wrote:
> Do you want the firewall to act as a secondary mail server?
>
> Or would you accept just sending mail from the firewall to your main mail
> server, and letting the main mail server forward it to the desired destination?
>
> The answer to your question is to SNAT to the secondary IP all traffic from
> <Firewall> with source TCP port 25 to <Any>. Sorry, I do not have time
> to check what exactly you have to enter in the Shorewall scripts.
> Ljubomir

--
Bruno Ayub.

Bruno Ayub wrote:
> I just want to send some information (logwatch) directly from the firewall to
> my Gmail. That secondary IP has a reverse name configured using the
> 201.xx.xx.4 IP. If I could send directly from the firewall with this IP, it
> isn't necessary to do any configuration on the mail server.

There is no mail server configuration involved, except to make sure the mail server accepts the firewall as a "local" computer. When you send mail from inside your network, your mail client connects to your mail server, and the mail server only forwards that mail for you. Just think of the firewall's notification system as a mail client on your internal network, nothing more.

Bruno Ayub wrote:
> I just want to send some information (logwatch) directly from the firewall to
> my Gmail. That secondary IP has a reverse name configured using the
> 201.xx.xx.4 IP. If I could send directly from the firewall with this IP, it
> isn't necessary to do any configuration on the mail server.
>
> I will read more about SNAT and try some changes.

Start at Shorewall FAQ 18 (http://www.shorewall.net/FAQ.htm#faq18). That will lead you to this article: http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html. That will tell you how to use the alias IP address for ALL outgoing traffic from the LAN. It is a simple task then to restrict that rule to apply only to TCP port 25.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
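
The restriction to TCP port 25 described in the reply above, written as a masq entry. This is an added illustration, not text from the thread or from the Shorewall documentation. It reuses the column layout of the masq file in the original post and assumes the firewall's own outbound mail carries the main address 201.xx.xx.2 as its source; that SOURCE value and the comments are assumptions.

```conf
# /etc/shorewall/masq
#INTERFACE   SOURCE        ADDRESS       PROTO   PORT(S)

# Existing: SMTP arriving from the LAN (the mail server) leaves as the alias.
eth0:1       eth1          201.xx.xx.4   tcp     smtp

# Added (assumption): SMTP originated by the firewall itself. Its packets carry
# the main address as source, so SOURCE is a host address, not an interface.
eth0         201.xx.xx.2   201.xx.xx.4   tcp     smtp

# Existing: everything else from the LAN is masqueraded to the main address.
eth0         eth1

# The added line corresponds to a netfilter rule of this shape:
#   iptables -t nat -A POSTROUTING -o eth0 -s 201.xx.xx.2 -p tcp --dport 25 \
#            -j SNAT --to-source 201.xx.xx.4
```

After `shorewall check` and `shorewall restart`, the packet counters shown by `iptables -t nat -L -n -v` should increase on the new SNAT rule when the firewall sends mail. The rule matches destination port 25 only, so all other firewall-originated traffic keeps the main address.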

Ljubomir,

It makes sense. I'll try to send this report through the mail server. Thanks! Tom, thanks too!

[ ]'s

On Tue, Apr 28, 2009 at 11:36, Tom Eastep <teastep@shorewall.net> wrote:
> Start at Shorewall FAQ 18 (http://www.shorewall.net/FAQ.htm#faq18). That
> will lead you to this article:
> http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html. That
> will tell you how to use the alias IP address for ALL outgoing traffic
> from the LAN. It is a simple task then to restrict that rule to apply
> only to TCP port 25.
>
> -Tom

--
Bruno Ayub.

Very nice! I'm sending firewall reports through the internal mail server. Thanks, Ljubomir.

[ ]'s

On Tue, Apr 28, 2009 at 20:48, Bruno Ayub <bruno.ayub@gmail.com> wrote:
> Ljubomir,
>
> It makes sense. I'll try to send this report through the mail server. Thanks! Tom,
> thanks too!
>
> [ ]'s

--
Bruno Ayub.