Hi, I have a simple question. I have my firewall with 2 external IPs and 1
LAN.
For example
ISP1
              FW        LAN----Mail Server
ISP2
Ok, when I DNAT the SMTP port to my mail server, I can see that the
connection in my mail server comes from the external IP of my ISP.
I need to change this so the connection to my mail server comes from the LAN
IP from my firewall
Is this possible?
Thanks
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win great
prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

Nico Pagliaro wrote:
> I need to change this so the connection to my mail server comes from the
> LAN IP from my firewall
> Is this possible?

Yes -- add the appropriate rule to /etc/shorewall/masq

-Tom
--
Tom Eastep        \ The ultimate result of shielding men from the
Shoreline,         \ effects of folly is to fill the world with fools.
Washington, USA     \ -Herbert Spencer
http://shorewall.net \________________________________________________

Ok, here is my conf

eth1 ISP1 aaa.aaa.aaa.aaa
eth2 ISP2 bbb.bbb.bbb.bbb

eth0 Internal IP FW: 192.168.0.4

SMTP: 192.168.0.110

I need that the connection that comes from the Internet to the SMTP look like 192.168.0.4 and not the public IP

How must be the rule in the masq?

Thanks

On Wed, Oct 22, 2008 at 12:42 AM, Tom Eastep <teastep@shorewall.net> wrote:
> Nico Pagliaro wrote:
>
> > I need to change this so the connection to my mail server comes from the
> > LAN IP from my firewall
> > Is this possible?
>
> Yes -- add the appropriate rule to /etc/shorewall/masq
>
> -Tom
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Nico Pagliaro wrote:
>Ok, here is my conf
>
>eth1 ISP1 aaa.aaa.aaa.aaa
>eth2 ISP2 bbb.bbb.bbb.bbb
>
>eth0 Internal IP FW: 192.168.0.4
>
>SMTP: 192.168.0.110
>
>I need that the connection that comes from the Internet to the SMTP
>look like 192.168.0.4 and not the public IP

Why? It's a very odd requirement and means that all your mail server logs will have no indication of what the remote end of the connection is - useful for tracking and troubleshooting.

--
Simon Hobson

Nico Pagliaro wrote:
> Ok, here is my conf
>
> eth1 ISP1 aaa.aaa.aaa.aaa
> eth2 ISP2 bbb.bbb.bbb.bbb
>
> eth0 Internal IP FW: 192.168.0.4
>
> SMTP: 192.168.0.110
>
> I need that the connection that comes from the Internet to the SMTP look
> like 192.168.0.4 and not the public IP
>
> How must be the rule in the masq?

I must agree with Simon that this is a really silly thing to do. The logs on your SMTP server will be practically useless for troubleshooting.

Nevertheless...

eth0:192.168.0.110      0.0.0.0/0       192.168.0.4     tcp     25

-Tom

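The masq rule above makes every inbound SMTP session reach the mail server from 192.168.0.4, so the real peer is recorded only in the firewall's connection-tracking table. The following added example (not part of the thread) recovers it by parsing `conntrack -L` output; the sample lines, the stand-in ISP2 address 192.0.2.10 and the function names are constructed for illustration.

```python
import re

# Constructed sample of `conntrack -L -p tcp` output on the firewall (not from the thread).
# 192.0.2.10 stands in for the ISP2 address; client addresses are documentation ranges.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=203.0.113.25 dst=192.0.2.10 sport=40112 dport=25 src=192.168.0.110 dst=192.168.0.4 sport=25 dport=40112 [ASSURED] mark=0 use=1
tcp      6 431975 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40112 dport=25 src=192.168.0.110 dst=192.168.0.4 sport=25 dport=1024 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=192.168.0.50 dst=198.51.100.80 sport=50500 dport=443 src=198.51.100.80 dst=192.0.2.10 sport=443 dport=50500 [ASSURED] mark=0 use=1
"""

TUPLE_RE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def snat_map(conntrack_text, server="192.168.0.110", fw_lan="192.168.0.4", port=25):
    """Map the source port the mail server logs -> (real client IP, client port)."""
    mapping = {}
    for line in conntrack_text.splitlines():
        kv = TUPLE_RE.findall(line)
        if len(kv) != 8:          # need both the original and the reply tuple
            continue
        orig, reply = dict(kv[:4]), dict(kv[4:])
        # Reply direction = what the server sends: from server:25 to the SNAT address.
        if (reply["src"], reply["sport"], reply["dst"]) != (server, str(port), fw_lan):
            continue
        # reply["dport"] is the port the server saw; SNAT may have remapped it
        # when two clients used the same source port (second sample line).
        mapping[int(reply["dport"])] = (orig["src"], int(orig["sport"]))
    return mapping


def real_client(conntrack_text, logged_port):
    """Return (client IP, client port) for a port seen in the mail log, or None."""
    return snat_map(conntrack_text).get(logged_port)


if __name__ == "__main__":
    for seen_port, client in sorted(snat_map(SAMPLE).items()):
        print(f"192.168.0.4:{seen_port} is really {client[0]}:{client[1]}")
```

The table holds live state only, so for later troubleshooting the entries have to be captured while they exist, for example by logging `conntrack -E` events on the firewall.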
Ok, I will explain why I need this.
I have 2 ISPs and 2 firewalls and I want to have 2 MX records, one per
firewall/ISP.
So, the map looks like this:

ISP1/FW1   192.168.0.1
                          LAN   MailSrvr 192.168.0.110 (default gw 192.168.0.1)
ISP2/FW2   192.168.0.4

The problem is that the mail server has 1 default gw, 192.168.0.1, and when
a packet comes from ISP2 the mail server returns the packet to ISP1
because of the default gw. This happens because the mail server receives a
packet from an external IP, so the connection SYN_SENT in my mail server is
to an external IP.
So, how can I fix it? I think that one solution is that all the connections
to the mail server through FW1 or FW2 are masq with the internal IP; in that
situation the mail server CAN return the packet to the internal IP.

On Wed, Oct 22, 2008 at 1:23 PM, Tom Eastep <teastep@shorewall.net> wrote:
> Nico Pagliaro wrote:
>
>> Ok, here is my conf
>>
>> eth1 ISP1 aaa.aaa.aaa.aaa
>> eth2 ISP2 bbb.bbb.bbb.bbb
>>
>> eth0 Internal IP FW: 192.168.0.4
>>
>> SMTP: 192.168.0.110
>>
>> I need that the connection that comes from the Internet to the SMTP look
>> like 192.168.0.4 and not the public IP
>>
>> How must be the rule in the masq?
>>
>
> I must agree with Simon that this is a really silly thing to do. The logs
> on your SMTP server will be practically useless for troubleshooting.
>
> Nevertheless...
>
> eth0:192.168.0.110      0.0.0.0/0       192.168.0.4     tcp     25
>
> -Tom

Nico Pagliaro wrote:
> Ok, I will explain why I need this
>
> I have 2 ISPs and 2 firewalls and I want to have 2 MX records, one per
> firewall/ISP
> So, the map looks like this
>
> ISP1/FW1   192.168.0.1
>                           LAN   MailSrvr 192.168.0.110 (default gw 192.168.0.1)
> ISP2/FW2   192.168.0.4
>
> The problem is that the mail server has 1 default gw, 192.168.0.1,
> and when a packet comes from ISP2 the mail server
> returns the packet to ISP1 because of the default gw. This happens
> because the mail server receives a packet from an external IP, so the
> connection SYN_SENT in my mail server is to an external IP.
> So, how can I fix it? I think that one solution is that all the
> connections to the mail server through FW1 or FW2 are masq with the
> internal IP; in that situation the mail server CAN return the packet to
> the internal IP.

If the mail server is a Linux machine, you could run Shorewall-perl 4.2.0 on the mail server and use the new feature that allows two or more providers through a single interface (your two firewalls would be the two providers). Or you could use Shorewall multi-ISP support and only have one firewall that serves both ISPs.

-Tom

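The return-path problem and the SNAT workaround discussed in this thread, modelled as an added example that is not part of the original messages: the LAN addresses come from the thread, while the client address 203.0.113.25, the class and the function names are assumptions made for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")
SERVER, DEFAULT_GW = "192.168.0.110", "192.168.0.1"   # from the thread
FW1_LAN, FW2_LAN = "192.168.0.1", "192.168.0.4"       # from the thread


class Firewall:
    """Minimal stateful NAT box: remembers the flows it translated itself."""

    def __init__(self, name, lan_ip, snat):
        self.name, self.lan_ip, self.snat = name, lan_ip, snat
        self.conntrack = {}   # (server, 25, src seen by server, port) -> client

    def inbound(self, client, cport):
        # DNAT tcp/25 to the mail server; with the masq rule also SNAT to our LAN IP.
        src = self.lan_ip if self.snat else client
        self.conntrack[(SERVER, 25, src, cport)] = (client, cport)
        return src, cport     # source address and port the mail server sees

    def reply(self, dst, dport):
        # The server's reply arrives here; only the box holding state can un-NAT it.
        return self.conntrack.get((SERVER, 25, dst, dport))


def next_hop(dst):
    """Mail server routing: on-link for LAN destinations, otherwise default gw."""
    return dst if ipaddress.ip_address(dst) in LAN else DEFAULT_GW


def deliver(snat_on_fw2, client="203.0.113.25", cport=40112):
    """Follow one SMTP SYN arriving via ISP2/FW2 and the server's SYN-ACK."""
    fw1 = Firewall("FW1", FW1_LAN, snat=False)
    fw2 = Firewall("FW2", FW2_LAN, snat=snat_on_fw2)
    seen_src, seen_port = fw2.inbound(client, cport)
    fw = {FW1_LAN: fw1, FW2_LAN: fw2}[next_hop(seen_src)]
    # Without state the reply is dropped or leaves with the wrong source address.
    state = fw.reply(seen_src, seen_port)
    return {"server_sees": seen_src, "reply_via": fw.name,
            "handshake_completes": state == (client, cport)}


if __name__ == "__main__":
    print("no SNAT :", deliver(False))
    print("SNAT    :", deliver(True))
```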

Ok, I haven't got a Linux mail server, I have MS :(
And I think that it is more robust having 2 FW with 2 different ISP.

Well, I tested the solution and it works!!!

THANKS again

On Wed, Oct 22, 2008 at 3:41 PM, Tom Eastep <teastep@shorewall.net> wrote:
> If the mail server is a Linux machine, you could run Shorewall-perl
> 4.2.0 on the mail server and use the new feature that allows two or more
> providers through a single interface (your two firewalls would be the
> two providers). Or you could use Shorewall multi-ISP support and only
> have one firewall that serves both ISPs.
>
> -Tom