Hi list,

I have the following problem:

my boss and some other people on my lan want to use their ISP smtp to send mail when they connect from work lan, but, of course, their ISP smtp don't allow relay when they aren't at home.

You can imagine my networks so:

eth0 internet public ip
eth1 local1 10.88.11.0/24
eth2 local2 10.88.22.0/24
eth3 dmz 10.3.10.6 is my mail server ip address

I want to redirect all smtp request, for an ip different from 10.3.10.6, from local1 and local2 to my smtp (10.3.10.6) I think this solve the problem.

How I can do this using shorewall?

thanks
Nicola

On Sat, 2004-12-04 at 00:46 +0100, Nicola Murino wrote:
> Hi list,
>
> I have the following problem:
>
> my boss and some other people on my lan want to use their ISP smtp to
> send mail when they connect from work lan, but, of course, their ISP
> smtp don't allow relay when they aren't at home.
>
> You can imagine my networks so:
>
> eth0 internet public ip
> eth1 local1 10.88.11.0/24
> eth2 local2 10.88.22.0/24
> eth3 dmz 10.3.10.6 is my mail server ip address
>
> I want to redirect all smtp request, for an ip different from 10.3.10.6,
> from local1 and local2 to my smtp (10.3.10.6) I think this solve the
> problem.
>
> How I can do this using shorewall?

DNAT local1 dmz:10.3.10.6 tcp 25 - !10.3.10.6
DNAT local2 dmz:10.3.10.6 tcp 25 - !10.3.10.6

Beware that if these people's ISPs have implemented SPF, then this won't work because your public IP won't be a legitimate source for email from those ISPs.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

>> I want to redirect all smtp request, for an ip different from 10.3.10.6,
>> from local1 and local2 to my smtp (10.3.10.6) I think this solve the
>> problem.
>
>> How I can do this using shorewall?
>
>DNAT local1 dmz:10.3.10.6 tcp 25 - !10.3.10.6
>DNAT local2 dmz:10.3.10.6 tcp 25 - !10.3.10.6

Hmmm, you could force the use of a squid proxy this way for port 80 too. Would that be bad?

On Fri, 2004-12-03 at 19:29 -0500, Matt Burleigh wrote:
> >> I want to redirect all smtp request, for an ip different from
> 10.3.10.6,
> >> from local1 and local2 to my smtp (10.3.10.6) I think this solve the
> >> problem.
> >
> >> How I can do this using shorewall?
> >
> >DNAT local1 dmz:10.3.10.6 tcp 25 - !10.3.10.6
> >DNAT local2 dmz:10.3.10.6 tcp 25 - !10.3.10.6
>
> Hmmm, you could force the use of a squid proxy this way for port 80 too.
> Would that be bad?

The technique described in the Shorewall Squid documentation is preferred.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key