Hi, $FW zone is running a mail server on non-priv port 60025, for this I added the following to rules: REDIRECT all 60025 tcp 25 However, this redirects all port 25 dests, including non-$FW zones, to $FW:25 e.g. when I want to send mail to yahoo from $FW my mail server running on 60025 responds. How can I fix this? (shorewall 3.4.2, iptables 1.3.5, kernel 2.6.20) thanks. ____________________________________________________________________________________Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it''s updated for today''s economy) at Yahoo! Games. http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tarkan Zincirci wrote:> Hi, > $FW zone is running a mail server on non-priv port 60025, for this I > added the following to rules: > REDIRECT all 60025 tcp 25 > > However, this redirects all port 25 dests, including non-$FW zones, to > $FW:25 > e.g. when I want to send mail to yahoo from $FW my mail server running > on 60025 responds. How can I fix this? > (shorewall 3.4.2, iptables 1.3.5, kernel 2.6.20)Place you firewall''s external IP address in the ORIGINAL DEST column. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
--- Tom Eastep <teastep@shorewall.net> wrote:> Tarkan Zincirci wrote: > > Hi, > > $FW zone is running a mail server on non-priv port 60025, for this I > > added the following to rules: > > REDIRECT all 60025 tcp 25 > > > > However, this redirects all port 25 dests, including non-$FW zones, to > > $FW:25 > > e.g. when I want to send mail to yahoo from $FW my mail server running > > on 60025 responds. How can I fix this? > > (shorewall 3.4.2, iptables 1.3.5, kernel 2.6.20) > > Place you firewall''s external IP address in the ORIGINAL DEST column. >Hi Tom, Thanks for prompt answer. That IP address is not static, so I guess I''ll have to edit rules everytime it gets a new IP. Is there some other generic way? ____________________________________________________________________________________ Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games. http://sims.yahoo.com/ ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
Tarkan Zincirci wrote:> --- Tom Eastep <teastep@shorewall.net> wrote: > >> Tarkan Zincirci wrote: >>> Hi, >>> $FW zone is running a mail server on non-priv port 60025, for this I >>> added the following to rules: >>> REDIRECT all 60025 tcp 25 >>> >>> However, this redirects all port 25 dests, including non-$FW zones, to >>> $FW:25 >>> e.g. when I want to send mail to yahoo from $FW my mail server running >>> on 60025 responds. How can I fix this? >>> (shorewall 3.4.2, iptables 1.3.5, kernel 2.6.20) >> Place you firewall''s external IP address in the ORIGINAL DEST column. >> > > Hi Tom, > Thanks for prompt answer. That IP address is not static, so I guess I''ll have > to edit rules everytime it gets a new IP. Is there some other generic way? >Look at the FAQ and search for ''find_first_interface_address''. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/