We are now on a DSL behind a Netgear RP614 broadband router. The router has built in configuration for dyndns.org, and from what it says, I've got that done okay. Now what should I do to allow connections via the router to our local mailserver?

At the moment I can't make a connection via dyndns and am uncertain whether the problem lies with my shorewall configuration or the router. Any suggestions would be welcome.

TIA
--
Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC

Whom the gods would destroy, they first make mad.
Whom the gods would make mad, they first give computers.

On Thu, 2003-07-24 at 13:00, Robin Lynn Frank wrote:
> We are now on a DSL behind a Netgear RP614 broadband router. The router has
> built in configuration for dyndns.org, and from what it says, I've got that
> done okay. Now what should I do to allow connections via the router to our
> local mailserver?
>
> At the moment I can't make a connection via dyndns and am uncertain whether
> the problem lies with my shorewall configuration or the router. Any
> suggestions would be welcome.

It is not entirely clear to me what you are saying/asking. It sounds as if you are trying to configure/establish a mailserver for your organization. But, it is not clear if the IP address of the mailserver is a "fixed public IP", a "Dynamic public IP" or some private IP.

Can you give us some more details?

Ed
--
http://www.shorewall.net
Shorewall, for all your firewall needs

Hello Robin,

you need to configure port forwarding (or whatever it is called by Netgear) for SMTP (port 25) from your router to your mailserver. If you need other protocols, too, do so for every needed port. If no port forwarding is configured the connection is discarded on your router because your router doesn't offer any mailservice.

Regards
Manfred

p.s. Turn logging on for every relevant mail traffic in your shorewall configuration. So you can watch the logfile and see if your router is correctly configured.

p.p.s. Place your mailserver into a DMZ

> We are now on a DSL behind a Netgear RP614 broadband router. The router has
> built in configuration for dyndns.org, and from what it says, I've got that
> done okay. Now what should I do to allow connections via the router to our
> local mailserver?
>
> At the moment I can't make a connection via dyndns and am uncertain whether
> the problem lies with my shorewall configuration or the router. Any
> suggestions would be welcome.
>
> TIA
> --
> Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC
>
> Whom the gods would destroy, they first make mad.
> Whom the gods would make mad, they first give computers.

On Wed, 2003-07-23 at 22:00, Robin Lynn Frank wrote:
>
> At the moment I can't make a connection via dyndns and am uncertain whether
> the problem lies with my shorewall configuration or the router. Any
> suggestions would be welcome.

tcpdump is your friend.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Wednesday 23 July 2003 10:00 pm, Robin Lynn Frank wrote:
> We are now on a DSL behind a Netgear RP614 broadband router.
>

Thanks to Tom and all of those who provided suggestions. The initial problem turned out to be router port forwarding. Now that I've gotten that straightened out, I can see things are now being responded to by shorewall as indicated below.

We are set up as eth0 loc 192.168.1.1, eth1 net 192.168.0.3. The router is 192.168.0.1.

Because this DSL is a dynamic IP, we want to use dyndns.org to provide dns and use our MTA to accept relays from our remote server rather than use fetchmail to retrieve from the remote server.

Since I am well known for botching configurations :-( I thought I'd ask before I screw up again. Also, I want to make sure that the hole I open is as small as possible.

Jul 24 07:45:44 alpha kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:09:5b:20:ca:5a:00:09:5b:4a:29:d9:08:00 SRC=216.251.32.116 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID=18978 DF PROTO=TCP SPT=56316 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 24 07:45:47 alpha kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:09:5b:20:ca:5a:00:09:5b:4a:29:d9:08:00 SRC=216.251.32.116 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID=18979 DF PROTO=TCP SPT=56316 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 24 07:45:53 alpha kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:09:5b:20:ca:5a:00:09:5b:4a:29:d9:08:00 SRC=216.251.32.116 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID=18980 DF PROTO=TCP SPT=56316 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0

--
Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC

Whom the gods would destroy, they first make mad.
Whom the gods would make mad, they first give computers.

On Thu, 2003-07-24 at 08:03, Robin Lynn Frank wrote:
>
> Since I am well known for botching configurations :-( I thought I'd ask before
> I screw up again. Also, I want to make sure that the hole I open is as small
> as possible.
>
> Jul 24 07:45:44 alpha kernel: Shorewall:net2all:DROP:IN=eth1 OUT=
> MAC=00:09:5b:20:ca:5a:00:09:5b:4a:29:d9:08:00 SRC=216.251.32.116
> DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID=18978 DF PROTO=TCP
> SPT=56316 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul 24 07:45:47 alpha kernel: Shorewall:net2all:DROP:IN=eth1 OUT=
> MAC=00:09:5b:20:ca:5a:00:09:5b:4a:29:d9:08:00 SRC=216.251.32.116
> DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID=18979 DF PROTO=TCP
> SPT=56316 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
> Jul 24 07:45:53 alpha kernel: Shorewall:net2all:DROP:IN=eth1 OUT=
> MAC=00:09:5b:20:ca:5a:00:09:5b:4a:29:d9:08:00 SRC=216.251.32.116
> DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID=18980 DF PROTO=TCP
> SPT=56316 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0

It looks like you are missing a DNAT rule for port forwarding SMTP connections through your Shorewall box to your SMTP server.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
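
Added example (not part of the thread and not Shorewall code): a short Python script that reads the posted log lines the way the reply above does, reporting which chain logged each TCP connection attempt and how the SYNs were retransmitted. The function names are assumptions of this example; the sample input is the three log entries from the thread, each rejoined onto one line.

```python
import re
from collections import defaultdict

# The three log entries from the thread, each rejoined onto one line.
_TAIL = ("MAC=00:09:5b:20:ca:5a:00:09:5b:4a:29:d9:08:00 SRC=216.251.32.116 "
         "DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=36 ID={id} DF PROTO=TCP "
         "SPT=56316 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE = "\n".join(
    f"Jul 24 {t} alpha kernel: Shorewall:net2all:DROP:IN=eth1 OUT= " + _TAIL.format(id=i)
    for t, i in [("07:45:44", 18978), ("07:45:47", 18979), ("07:45:53", 18980)]
)

LOG_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d) \S+ kernel: "
    r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):(?P<rest>.*)"
)

def parse_line(line):
    """Split one Shorewall log line into chain, verdict, key=value fields and flags."""
    m = LOG_RE.search(line)
    if m is None:
        return None  # not a Shorewall packet log entry
    tokens = m.group("rest").split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if "=" not in t}  # bare words such as DF, SYN
    h, mi, s = (int(x) for x in m.group("time").split(":"))
    return {"chain": m.group("chain"), "verdict": m.group("verdict"),
            "secs": h * 3600 + mi * 60 + s, "fields": fields, "flags": flags}

def summarize_syns(text):
    """Group logged initial TCP SYNs by connection attempt; report retransmit gaps."""
    groups = defaultdict(list)
    for line in text.splitlines():
        p = parse_line(line)
        if p is None or p["fields"].get("PROTO") != "TCP":
            continue
        if "SYN" not in p["flags"] or "ACK" in p["flags"]:
            continue  # only the opening packet of a connection
        f = p["fields"]
        key = (p["chain"], p["verdict"], f["IN"], f["SRC"], f["SPT"], f["DST"], f["DPT"])
        groups[key].append(p["secs"])
    rows = []
    for (chain, verdict, iface, src, spt, dst, dpt), times in groups.items():
        times.sort()
        rows.append({"chain": chain, "verdict": verdict, "in": iface, "src": src,
                     "dst": dst, "dpt": dpt, "syns": len(times),
                     "gaps": [b - a for a, b in zip(times, times[1:])]})
    return rows

if __name__ == "__main__":
    for row in summarize_syns(SAMPLE):
        print(row)
```

For the thread's log this reports a single connection attempt from 216.251.32.116 to port 25 arriving on eth1, logged by the net2all policy chain (no rule matched) and retried 3 and 6 seconds apart. The SYNs are reaching the Shorewall box, so the router's forward is working, and the sender is getting no answer because the firewall drops them silently.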