I've DNATed my smtp port to an internal system with:

DNAT net loc:192.168.0.2 tcp smtp

I'm running Postfix on that system; and can connect internally. When I try to come in from outside, I get "connection refused". Help

Thanks;
Mike

> -----Original Message-----
> From: Mike Oroza
>
> I've DNATed my smtp port to an internal system with:
> DNAT net loc:192.168.0.2 tcp smtp
>
> I'm running Postfix on that system; and can connect
> internally. When I try to come in from outside, I get
> "connection refused". Help
>

I use sendmail in a NAT'd environment, but...

1) Does postfix need to be configured to allow external connections? e.g. like editing a hosts.allow file or something along those lines
2) Are you sure your ISP is not blocking inbound smtp connections?

Steve Cowles

Cowles, Steve wrote:
>>-----Original Message-----
>>From: Mike Oroza
>>
>>I've DNATed my smtp port to an internal system with:
>>DNAT net loc:192.168.0.2 tcp smtp
>>
>>I'm running Postfix on that system; and can connect
>>internally. When I try to come in from outside, I get
>>"connection refused". Help
>>
>
> I use sendmail in a NAT'd environment, but...
>
> 1) Does postfix need to be configured to allow external connections? e.g.
> like editing a hosts.allow file or something along those lines
>

If you post the output of "postconf -n", we can see if Postfix is configured ok.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Cowles, Steve wrote:
>>-----Original Message-----
>>From: Mike Oroza
>>
>>I've DNATed my smtp port to an internal system with:
>>DNAT net loc:192.168.0.2 tcp smtp
>>
>>I'm running Postfix on that system; and can connect
>>internally. When I try to come in from outside, I get
>>"connection refused". Help
>>
>
> 2) Are you sure your ISP is not blocking inbound smtp connections?
>

After trying to connect from the outside, do "shorewall show nat" and look at the "net_dnat" chain. You will see an entry with the last part:

tcp dpt:25 to:192.168.0.2

Look in the first column in that entry (packet count). If that column is zero, the connection request is being blocked before it reaches your firewall.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
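
The packet-count check described in the last reply, scripted as an added example that is not part of the thread. The helper names `dnat_pkts` and `verdict`, the verdict labels and the sample listing are assumptions constructed for illustration; the listing follows the `iptables -t nat -L -n -v` column layout.

```shell
#!/bin/sh
# Constructed sample of "shorewall show nat" output (iptables -t nat -L -n -v
# layout); the counters are made up for illustration.
sample_nat() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 14 packets, 1120 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14  1120 net_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain net_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25 to:192.168.0.2
EOF
}

# dnat_pkts CHAIN RULE_TAIL  (hypothetical helper)
# Reads the listing on stdin and prints the pkts column of the first rule in
# CHAIN whose line ends with RULE_TAIL. Exit status 1 if no such rule exists.
# Matching the end of the line keeps "to:192.168.0.2" from hitting ".20".
dnat_pkts() {
    awk -v chain="$1" -v want="$2" '
        { sub(/[ \t]+$/, "") }                       # drop trailing blanks
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $1 != "pkts" && length($0) >= length(want) &&
        substr($0, length($0) - length(want) + 1) == want {
            print $1; found = 1; exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# verdict COUNT  (hypothetical helper)
# 0 means the request never reached the firewall; any other counter
# (iptables may abbreviate it, e.g. 12K) means the DNAT rule was matched.
verdict() {
    case "$1" in
        "") echo "no-rule" ;;
        0)  echo "blocked-upstream" ;;
        *)  echo "reached-firewall" ;;
    esac
}

# On the firewall itself, replace sample_nat with: shorewall show nat
count=$(sample_nat | dnat_pkts net_dnat "tcp dpt:25 to:192.168.0.2") || count=""
echo "pkts=${count:-none} verdict=$(verdict "$count")"
```

Run it right after a connection attempt from outside, since the counter only tells you something if it is read after the test.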