LinuxQuestions.org


Mental Skylight 09-07-2004 03:52 AM

Pop3 access behind RH9 firewall
 
I have a RH9 installation operating on a very basic private network. The server runs a web proxy and a mail server. All users have fixed IPs and no login authentication. The firewall settings are on "Medium" and access is granted to all protocols incl. Telnet.

I need users to be able to access individual pop3 accounts at their own ISPs from clients (Win XP) on the network but am struggling.

I have tried to check access by telnet to ISP pop3.domain.com on port 25 from clients but connection fails. Telnet to ISP pop3.domain.com succeeds from the RH9 server.

Any suggestions as to where to look greatly appreciated!

Thanks

Mental

davidbalt 10-03-2004 12:15 PM

I think you have mistaken the usefulness of a "proxy" server.

Proxy servers typically only redirect HTTP traffic on certain ports. If you want your machines behind the firewall to be able to "see" the internet on all ports, you will need to enable NAT on the firewall.

After you do this, you can safely just remove the proxy server, in my opinion.

Enabling NAT varies depending on the distribution and the kernel version. It is actually very easy to do. You should be able to find a HOWTO someplace on setting that up.

Basically, NAT allows your router to send packets to the Internet on behalf of the machines connected to your network. When the "Internet" responds, the router remembers which machine asked for the information and forwards it. In this way, the router becomes a transparent intermediary. NAT is done at the kernel level, so you might have to recompile your kernel depending on your current configuration.

Hope I pointed you in the right direction!

mini_mike 12-02-2004 01:15 AM

How do I enable NAT from RH9? I pretty much have the same setup. Security is set to medium. And I use SQUID to proxy HTTP requests from workstations behind RH9.

davidbalt 12-02-2004 04:27 PM

------------ SNIP -------------
# Load the NAT module (this pulls in all the others).
modprobe iptable_nat

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out ppp0 (-o ppp0) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

----- / SNIP / ---------

You'll probably have to change ppp0 to eth0 or eth1 or whatever for your box.

davidbalt 12-02-2004 04:28 PM

Oh, and you'll obviously need iptables installed at the kernel level, and you'll need the userland tools for iptables installed as well. That *should* come with Red Hat, but I'm not sure.
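
Added example (not part of the thread): the snippet posted above masquerades traffic but adds no restriction on what gets forwarded once ip_forward is on. The shell function below prints a rule set that forwards only POP3 (TCP 110 and 995) and DNS from the LAN, with FORWARD defaulting to DROP. The LAN interface eth1, the subnet 192.168.0.0/24 and the port list are assumptions; ppp0 is the interface named in the post.

```shell
#!/bin/sh
# Added example, not code from the thread. eth1, 192.168.0.0/24 and the
# port list are assumed values; ppp0 is the interface named in the post.

# nat_rules LAN_IF WAN_IF LAN_NET "PORT ..."
# Prints (does not run) the commands, so they can be reviewed first.
nat_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3; ports=$4

    # Reject anything that could smuggle shell syntax into the output.
    for v in "$lan_if" "$wan_if"; do
        case $v in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $v" >&2; return 1;; esac
    done
    case $lan_net in ''|*[!0-9./]*) echo "bad subnet: $lan_net" >&2; return 1;; esac
    [ -n "$ports" ] || { echo "no ports given" >&2; return 1; }
    for p in $ports; do
        case $p in *[!0-9]*) echo "bad port: $p" >&2; return 1;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done

    echo "modprobe iptable_nat"
    # Default-deny forwarding before routing is switched on. Rules are
    # appended (-A), so any existing FORWARD rules are still evaluated first.
    echo "iptables -P FORWARD DROP"
    # Replies to connections that LAN clients opened.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # DNS, so clients can resolve the ISP's mail host (assumes external DNS).
    for proto in udp tcp; do
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p $proto --dport 53 -j ACCEPT"
    done
    # Only the listed TCP services may leave the LAN.
    for p in $ports; do
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport $p -j ACCEPT"
    done
    # Masquerade LAN sources only, not everything leaving the WAN interface.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# POP3 (110) and POP3 over SSL (995) for an assumed LAN behind ppp0.
nat_rules eth1 ppp0 192.168.0.0/24 "110 995"
```

After reviewing the printed commands, pipe the output to sh as root to apply them.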


All times are GMT -5.