Hello,

I'm new to the list and have a question you may be able to help with, because I couldn't find a solution on the website...

I have 3 servers:
One firewall with an official IP,
one server in the DMZ with an official IP,
and one in the local network with a local IP, of course.

Now I want an SMTP session addressed to the firewall to be redirected to the local server (normal DNAT),

but also, if an SMTP session is addressed to the DMZ, it should work.

I tried a normal DNAT, but then all SMTP sessions were redirected to the local server.

Can anyone help?

--
Best regards, Ingo Ebel
Human knowledge belongs to the world. (Antitrust)
RadioTux.de - Internet radio about Linux and open source
SF-Radio.net - Science Fiction Radio
JITCreatives.de - WebHosting and Consulting
ICQ: 22278585 ## Jabber: savar@jabber.ccc.de ## Fax and answering machine: 0700/46463235
Ingo Ebel wrote:
> ...
> I have 3 servers:
> One firewall with an official IP,
> one server in the DMZ with an official IP,
> and one in the local network with a local IP, of course.
>
> Now I want an SMTP session addressed to the firewall to be redirected to the
> local server (normal DNAT),
>
> but also, if an SMTP session is addressed to the DMZ, it should work.
>
> I tried a normal DNAT, but then all SMTP sessions were redirected to the local
> server.

Sounds like you need to specify the original destination IP address on your DNAT rule so that it doesn't match packets destined for the DMZ server.

Paul
On Wednesday, 1 March 2006 23:40, Paul Gear wrote:
> Ingo Ebel wrote:
> > ...
>
> Sounds like you need to specify the original destination IP address on
> your DNAT rule so that it doesn't match packets destined for the DMZ
> server.
>

And how do I do that?
What would a DNAT rule look like?

DNAT net:? loc:192.168.1.99 25

--
Best regards, Ingo Ebel
Ingo Ebel wrote:
> On Wednesday, 1 March 2006 23:40, Paul Gear wrote:
>
>> Ingo Ebel wrote:
>>
>>> ...
>>>
>> Sounds like you need to specify the original destination IP address on
>> your DNAT rule so that it doesn't match packets destined for the DMZ
>> server.
>>
>
> And how do I do that?
> What would a DNAT rule look like?
>
> DNAT net:? loc:192.168.1.99 25
>

see: http://www.shorewall.net/FAQ.htm#faq1

So your rule should be like:

# smtp
DNAT net loc:192.168.1.99 tcp 25 - <your external ip>
DNAT net loc:192.168.1.99 udp 25 - <your external ip>

hth,
Peter

--
_______________________________
Dr. Hagen&Partner GmbH
Am Weichselgarten 7
91058 Erlangen
Tel: (0049)9131/691-330
Fax: (0049)9131/691-248
_______________________________
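
Added example (not part of the original thread and not Shorewall's own code): a toy Python model of why the DNAT rule without an original destination also captures SMTP aimed at the DMZ server, and how the last column in Peter's rule narrows it. The public addresses 203.0.113.1 and 203.0.113.10 are constructed placeholders, and the matcher is a simplification that covers only the columns used in this thread.

```python
# Added illustration: a toy matcher for Shorewall-style DNAT rule lines.
# Columns modelled: ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST.
# All public addresses are constructed (RFC 5737 documentation range).
from ipaddress import ip_address

FW_IP = "203.0.113.1"    # constructed: firewall's external address
DMZ_IP = "203.0.113.10"  # constructed: DMZ mail server's public address

def parse_rule(line):
    """Split one rules-file line into the fields this model uses."""
    cols = line.split()
    cols += ["-"] * (7 - len(cols))          # omitted trailing columns mean "any"
    action, source, dest, proto, dport, sport, origdest = cols[:7]
    zone, _, target = dest.partition(":")
    return {"action": action, "source": source, "zone": zone, "target": target,
            "proto": proto, "dport": dport, "origdest": origdest}

def translate(rules, pkt):
    """Return the post-DNAT destination for pkt (first matching rule wins)."""
    for r in rules:
        if r["action"] != "DNAT" or r["source"] != pkt["zone"]:
            continue
        if r["proto"] != pkt["proto"] or r["dport"] != str(pkt["dport"]):
            continue
        if r["origdest"] != "-" and ip_address(r["origdest"]) != ip_address(pkt["dst"]):
            continue                          # ORIGDEST set and packet aimed elsewhere
        return r["target"]
    return pkt["dst"]                         # no DNAT: destination unchanged

def smtp_to(dst):
    """Build a constructed SMTP packet arriving from the net zone."""
    return {"zone": "net", "proto": "tcp", "dport": 25, "dst": dst}

# The rule that redirected everything, and the rule scoped to the firewall's IP.
broad = [parse_rule("DNAT net loc:192.168.1.99 tcp 25")]
scoped = [parse_rule(f"DNAT net loc:192.168.1.99 tcp 25 - {FW_IP}")]

if __name__ == "__main__":
    for name, rules in (("broad", broad), ("scoped", scoped)):
        for dst in (FW_IP, DMZ_IP):
            print(f"{name:6} SMTP to {dst:13} -> {translate(rules, smtp_to(dst))}")
```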