I need to start this by thanking Mathieu: it wasn’t until I read his helpful replies to SolidSnake that I twigged: 192.168.x.1 is a default gateway: I’d been using it as an Ethernet address. Now I’ve finally got my Linux masquerading working and the Windows machines behind the firewall can see the Internet.
Except... SMTP
I CANNOT get the SMTP server on my XP machine to work through the firewall: I can send SMTP mail, I can receive POP mail, but I don’t get any incoming mail on port 25.
When I telnet from my Linux box:
Linux:~ # telnet Study 25
Trying 192.168.0.2...
Connected to Study.
Escape character is ‘^]’.
220 hacking.demon.co.uk Turnpike ESMTP server ready
So that seems to be OK. Is there some magic setting in SuSefirewall2 (my firewall config file) that I need to fix? Would I be better running an SMTP server in a DMZ on the firewall machine and then forwarding to the SMTP server on the XP machine... and how do I go about that, please?
You should have firewall rules that pass incoming smtp traffic (port 25) through to the XP machine, a DNAT rule, e.g.
iptables -t nat -A PREROUTING -i eth~ -p tcp --dport 25 -j DNAT --to-destination 192.168.0.2
iptables -A FORWARD -i eth~ -m state --state NEW,ESTABLISHED -p tcp --dport 25 -d 192.168.0.2 -j ACCEPT
I don't know the exact syntax for the Suse conf tho'...
I have actually got smtp to work, for now, by editing my SuSefirewall (configuration) file. FW_FORWARD_MASQ="194.217.242.164,192.168.0.2,tcp,25 "
The problems I still have are:
1) The documentation says "beware to do this"
2) This routes 194.217.242.164 to the local machine where the smtp server is... but Demon Internet say that they send smtp on the whole 194.217.242. network. My configuration might not work tomorrow. How do I specify the whole network? Is it something like 194.217.242.0/255 ? And is this safe?
3) The SuSe docs all say that proxies are safer than firewalls. Should I set up a web proxy, an smtp proxy, an ftp proxy and so-on?
Quote:
I have actually got smtp to work, for now, by editing my SuSefirewall (configuration) file. FW_FORWARD_MASQ="194.217.242.164,192.168.0.2,tcp,25 "
The problems I still have are:
1) The documentation says "beware to do this"
I wonder why??
Quote:
2) This routes 194.217.242.164 to the local machine where the smtp server is... but Demon Internet say that they send smtp on the whole 194.217.242. network. My configuration might not work tomorrow. How do I specify the whole network? Is it something like 194.217.242.0/255 ? And is this safe?
It is as safe as your smtpd server is.
Port forwarding doesn't expose you to any risks unless you don't do any filtering before the redirect...
If you redirect the world (0.0.0.0) to your smtpd server you are ok. Just set it up properly first, relay permissions, virtual mailboxes etc.
Specify the netmask as 194.217.242.0/24
Quote:
3) The SuSe docs all say that proxies are safer than firewalls. Should I set up a web proxy, an smtp proxy, an ftp proxy and so-on?
All feedback welcome.
Nick
Proxies CAN be safer than firewalls, if they are set up to filter, but an smtp proxy is merely another smtp server.
Now there are 2 to look after when 1 can be sufficient.
There are many schools of thought about filtering, but so long as you DO filter, that's the minimum.
What do you want to achieve overall?
Last edited by peter_robb; 09-22-2003 at 04:14 AM.
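The advice in this thread (filter before the redirect, and write the ISP's network as 194.217.242.0/24) as an added example, not code from any poster: a dry-run script that rejects malformed networks such as 194.217.242.0/255 and prints DNAT and FORWARD rules limited to that source. The function names and the interface name eth0 are assumptions; the thread only gives `eth~`.

```shell
#!/bin/sh
# Added example: dry-run generator for the SMTP port-forward rules.
# It only prints iptables commands; nothing is applied to the running firewall.

# valid_cidr NET: succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# smtp_forward_rules SRC_NET MAIL_HOST EXT_IF
# Print rules that DNAT tcp/25 to MAIL_HOST, but only for traffic from SRC_NET.
smtp_forward_rules() {
    src=$1 host=$2 ext_if=$3
    valid_cidr "$src" || { echo "bad source network: $src" >&2; return 1; }
    valid_cidr "$host/32" || { echo "bad mail host: $host" >&2; return 1; }
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    cat <<EOF
# Rewrite the destination before routing, for the allowed source network only.
iptables -t nat -A PREROUTING -i $ext_if -s $src -p tcp --dport 25 -j DNAT --to-destination ${host}:25
# After DNAT the packet is addressed to the mail host; admit new connections.
iptables -A FORWARD -i $ext_if -s $src -d $host -p tcp --dport 25 -m state --state NEW -j ACCEPT
# Replies and follow-up packets (a masquerading setup usually has this already).
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Values from the thread; eth0 is an assumed external interface name.
smtp_forward_rules 194.217.242.0/24 192.168.0.2 eth0
```

Review the printed rules before running them as root; widening the source to 0.0.0.0/0 gives the "redirect the world" setup from the reply above, which relies entirely on the SMTP server's own relay settings.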