Hi

I need help. I just changed companies and they do not have a firewall. I
chose Shorewall and everything works well, but I have one problem: how do I
forward SMTP to my local mail server?
I wrote the following rule in the rules file:

smtp ----> net ------> local

ACCEPT net loc:my ip:25 tcp 25 - all

Is this correct, and what else must I do?

I tried to telnet from outside to my firewall address and port 25 and nothing
happens,
but if I connect from the local network it works:
" telnet my_local_ip 25"

I hope you can help me

jarmo
*****************************

e-mail jarmo.rajala@meconet.net

jarmo.rajala@hoasnet.fi (12.7.2002 10:32):
>Hi
>
>I need help . i just change company and they not have firewall . i
>choose shorewall everything work well but i have one problems how i
>forward smtp my local mail server.
>i wrote rules files the next rules
>
>
>smtp ----> net ------> local
>
>ACCEPT net loc:my ip:25 tcp 25 - all

If the external IP of your FW and the external IP of your MAIL server are different:

DNAT net loc:local_IP_of_mail_server tcp 25 - external_IP_of_mail_server

If the IP of your FW and MAIL server are the same:

DNAT net loc:local_IP_of_mail_server tcp 25 -

You should check the FAQ ---> http://slovakia.shorewall.net/FAQ.htm#faq1

Ciao,
TimeLord

>
>are this correct and what else i must do
>
>i try get telnet connect outside my firewall address and port 25 nothing
>happen
>but if i connect local network it works
>" telnet my_local_ip 25"
>
>i hope you can help me
>
>
>jarmo
>*****************************
>
>e-mail jarmo.rajala@meconet.net
>
>_______________________________________________
>Shorewall-users mailing list
>Shorewall-users@shorewall.net
>http://www.shorewall.net/mailman/listinfo/shorewall-users

On Fri, 12 Jul 2002, jarmo.rajala@hoasnet.fi wrote:

> Hi
>
> I need help . i just change company and they not have firewall . i
> choose shorewall everything work well but i have one problems how i
> forward smtp my local mail server.
> i wrote rules files the next rules
>
>
> smtp ----> net ------> local
>
> ACCEPT net loc:my ip:25 tcp 25 - all
>
> are this correct and what else i must do

That is correct syntax for Shorewall 1.2 assuming that your local network
is masqueraded (or uses explicit SNAT).

>
> i try get telnet connect outside my firewall address and port 25 nothing
> happen
> but if i connect local network it works
> " telnet my_local_ip 25"
>

Have you used tcpdump to look at what's happening when you try to connect?

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
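
One way to act on the tcpdump suggestion above, as an added example that is not part of the original thread or of Shorewall: capture port 25 on both firewall interfaces during the outside telnet test, then classify where the TCP handshake stops. The interface names, file names, function names and sample addresses are assumptions, and the sample capture lines are constructed.

```sh
#!/bin/sh
# Capture while an outside host runs "telnet <external IP> 25" (interface
# names eth0/eth1 are assumptions; adjust to your firewall):
#   tcpdump -n -i eth0 tcp port 25 > ext.txt    # internet-facing side
#   tcpdump -n -i eth1 tcp port 25 > int.txt    # LAN side
# Assumes current tcpdump text output: SYN prints as "Flags [S]," and
# SYN-ACK as "Flags [S.],".

count_flag() {   # count_flag FILE FLAGS: lines carrying exactly those flags
    grep -c -F "Flags [$2]," "$1" || true
}

diagnose_smtp_forward() {   # diagnose_smtp_forward EXT_FILE INT_FILE
    ext_syn=$(count_flag "$1" "S")
    int_syn=$(count_flag "$2" "S")
    int_synack=$(count_flag "$2" "S.")
    ext_synack=$(count_flag "$1" "S.")
    if [ "$ext_syn" -eq 0 ]; then
        echo "no-syn-at-firewall"   # never arrived: wrong address or filtered upstream
    elif [ "$int_syn" -eq 0 ]; then
        echo "not-forwarded"        # arrived, not passed on: check the rules file entry
    elif [ "$int_synack" -eq 0 ]; then
        echo "server-silent"        # passed on, mail server sent no reply this way
    elif [ "$ext_synack" -eq 0 ]; then
        echo "reply-not-returned"   # reply seen on LAN side, never left the firewall
    else
        echo "handshake-ok"
    fi
}

# Constructed sample: retried SYNs reach the outside interface, LAN side is empty.
sample_not_forwarded() {
    ext=$(mktemp); int=$(mktemp)
    cat > "$ext" <<'EOF'
10:32:01.000001 IP 203.0.113.7.40112 > 198.51.100.1.25: Flags [S], seq 1000, win 64240, length 0
10:32:04.000002 IP 203.0.113.7.40112 > 198.51.100.1.25: Flags [S], seq 1000, win 64240, length 0
EOF
    : > "$int"
    diagnose_smtp_forward "$ext" "$int"
    rm -f "$ext" "$int"
}
sample_not_forwarded
```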