LinuxQuestions.org
Old 09-20-2003, 07:06 AM   #1
Z8002
LQ Newbie
 
Registered: Sep 2003
Location: Lancashire
Distribution: SuSe 9.0
Posts: 12

Rep: Reputation: 0
Turnpike SMTP through SuSefirewall2?


I need to start this by thanking Mathieu: it wasn’t until I read his helpful replies to SolidSnake that I twigged: 192.168.x.1 is a default gateway: I’d been using it as an ethernet address. Now I’ve finally got my Linux masquerading working and the Windows machines behind the firewall can see the internet.

Except... SMTP

I CANNOT get the SMTP server on my XP machine to work through the firewall: I can send SMTP mail, I can receive POP mail, but I don’t get any incoming mail on port 25.

When I telnet from my linux box:

Linux:~ # telnet Study 25
Trying 192.168.0.2...
Connected to Study.
Escape character is ‘^]’.
220 hacking.demon.co.uk Turnpike ESMTP server ready


So that seems to be OK. Is there some magic setting in SuSefirewall2 (my firewall config file) that I need to fix? Would I be better running an SMTP server in a DMZ on the firewall machine and then forwarding to the SMTP server on the XP machine.... and how do I go about that, please?

All ideas gratefully received.....
 
Old 09-20-2003, 04:11 PM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
You should have firewall rules that pass incoming smtp traffic (port 25) through to the XP machine, a DNAT rule, e.g.
iptables -t nat -A PREROUTING -i eth~ -p tcp --dport 25 -j DNAT --to-destination 192.168.0.2
iptables -A FORWARD -i eth~ -m state --state NEW,ESTABLISHED -p tcp --dport 25 -d 192.168.0.2 -j ACCEPT

I don't know the exact syntax for the Suse conf tho'...
 
Old 09-21-2003, 04:06 PM   #3
Z8002
LQ Newbie
 
Registered: Sep 2003
Location: Lancashire
Distribution: SuSe 9.0
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks, Peter.

I have actually got smtp to work, for now, by editing my SuSefirewall (configuration) file. FW_FORWARD_MASQ="194.217.242.164,192.168.0.2,tcp,25 "

The problems I still have are:

1) The documentation says "beware to do this"

2) This routes 194.217.242.164 to the local machine where the smtp server is... but Demon Internet say that they send smtp on the whole 194.217.242. network. My configuration might not work tomorrow. How do I specify the whole network? Is it something like 194.217.242.0/255 ? And is this safe?

3) The SuSe docs all say that proxies are safer than firewalls. Should I set up a web proxy, an smtp proxy, an ftp proxy and so-on?

All feedback welcome.

Nick
 
Old 09-22-2003, 04:09 AM   #4
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Quote:
Originally posted by Z8002
Thanks, Peter.

I have actually got smtp to work, for now, by editing my SuSefirewall (configuration) file. FW_FORWARD_MASQ="194.217.242.164,192.168.0.2,tcp,25 "

The problems I still have are:

1) The documentation says "beware to do this"
I wonder why??

Quote:
2) This routes 194.217.242.164 to the local machine where the smtp server is... but Demon Internet say that they send smtp on the whole 194.217.242. network. My configuration might not work tomorrow. How do I specify the whole network? Is it something like 194.217.242.0/255 ? And is this safe?
It is as safe as your smtpd server is.
Port forwarding doesn't expose you to any risks unless you don't do any filtering before the redirect...
If you redirect the world (0.0.0.0) to your smtpd server you are ok. Just set it up properly first, relay permissions, virtual mailboxes etc.
Specify the netmask as 194.217.242.0/24

Quote:
3) The SuSe docs all say that proxies are safer than firewalls. Should I set up a web proxy, an smtp proxy, an ftp proxy and so-on?

All feedback welcome.

Nick
Proxies CAN be safer than firewalls, if they are set up to filter, but an smtp proxy is merely another smtp server.
Now there are 2 to look after when 1 can be sufficient.
There are many schools of thought about filtering, but so long as you DO filter, that's the minimum.

What do you want to achieve overall?

Last edited by peter_robb; 09-22-2003 at 04:14 AM.
 
Old 09-22-2003, 04:32 PM   #5
Z8002
LQ Newbie
 
Registered: Sep 2003
Location: Lancashire
Distribution: SuSe 9.0
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks for the advice, again. One more question... it's a question of syntax, really.

194.217.242.0/24? What does the /24 mean? Is it a range, or a logical or, or what?

Sorry to be obtuse.

Nick
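
The /24 discussed above is a prefix length: the first 24 bits of the address name the network, so 194.217.242.0/24 covers 194.217.242.0 through 194.217.242.255. As an added example (not part of any post in this thread), the shell sketch below tests addresses against that prefix and prints the DNAT and FORWARD rules from post #2 narrowed with -s to that source network. The interface name eth0 and the test addresses other than 194.217.242.164 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. eth0 and the extra sample
# addresses are constructed for illustration.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on the dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/PREFIX: exit status 0 when ADDR lies inside the network.
# The prefix length says how many leading bits must match.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    prefix=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print (do not apply) the rule pair from post #2, restricted to one
# source network so that only the ISP's mail relays reach port 25.
smtp_forward_rules() {
    ext_if=$1; src_net=$2; mail_host=$3
    echo "iptables -t nat -A PREROUTING -i $ext_if -s $src_net -p tcp --dport 25 -j DNAT --to-destination $mail_host"
    echo "iptables -A FORWARD -i $ext_if -s $src_net -d $mail_host -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT"
}

# Which sample senders would the restricted forward accept?
for a in 194.217.242.164 194.217.242.7 194.217.243.1; do
    if in_cidr "$a" 194.217.242.0/24; then
        echo "$a: inside 194.217.242.0/24, forwarded"
    else
        echo "$a: outside 194.217.242.0/24, not forwarded"
    fi
done

smtp_forward_rules eth0 194.217.242.0/24 192.168.0.2
```

Review the printed rules before running them as root; connections from outside the source network never match the DNAT rule and so are not forwarded to 192.168.0.2.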
 
  

