[RE: [lug] Sending POP email thru firewall]

George Sexton gsexton at mhsoftware.com
Tue Jul 11 15:27:31 MDT 2000


Change:

ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ

to

ipchains -A forward -s $LOCALNET_1 -j MASQ

What you are attempting to do makes logical sense, but I know from
experience it doesn't work.

I got bit severely by this a couple of weeks ago, and it took me a while to
get sorted out.

George Sexton
MH Software, Inc.
Voice: 303 438 9585
http://www.mhsoftware.com


> -----Original Message-----
> From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
> Behalf Of Justin
> Sent: Tuesday, July 11, 2000 3:08 PM
> To: lug at lug.boulder.co.us
> Subject: Re: [RE: [lug] Sending POP email thru firewall]
>
>
> That was poorly worded I guess. I am having troubles sending mail from behind
> my ipchains firewall, I can receive the email fine from POP mail servers. Now
> that I think about it I need to check how my firewall handles port 25 and not
> the POP stuff, hehe. The following is what I have for SMTP handling:
>
> SMTP_SERVER="my.mailserver.com"
>
> # SMTP client (25)
> # ----------------
> ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> -s $IPADDR $UNPRIVPORTS \
> -d $SMTP_SERVER 25 -j ACCEPT
>
> ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> -s $SMTP_SERVER 25 \
> -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
> Plus my MASQ entry:
> ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ
>
> Does that look correct?
>
> Justin
>
> "George Sexton" <gsexton at mhsoftware.com> wrote:
> > There really is no such thing as "sending POP email". POP is a protocol for
> > retrieving Email.
> >
> > SMTP (port 25) is used for sending Email.
> >
> > Is your problem really related to retrieving POP messages, or sending Email?
> >
> > > -----Original Message-----
> > > From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
> > > Behalf Of Justin
> > > Sent: Tuesday, July 11, 2000 12:59 PM
> > > To: BLUG
> > > Subject: [lug] Sending POP email thru firewall
> > >
> > >
> > > I have some client machines that are having trouble sending POP email thru
> > > my ipchains firewall. Every time I try to send an email I get a connection
> > > time out because the pop server cannot be contacted. I can receive mail just
> > > fine however. Another thing is, while trying to watch the packets go thru the
> > > firewall with sniffit I noticed that when the local interface is in
> > > promiscuous mode the mail goes thru. I have the following rules for POP
> > > input/output:
> > >
> > > EXTERNAL_INTERFACE="eth1"
> > > LOCAL_INTERFACE_1="eth0"
> > > IPADDR="my.ip.adress"
> > > LOCALNET_1="192.168.1.0/24"
> > > UNPRIVPORTS="1024:65535"
> > >
> > > # POP client (110)
> > > # ----------------
> > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > > -s $IPADDR $UNPRIVPORTS \
> > > -d mypop.server.com 110 -j ACCEPT
> > >
> > > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > -s mypop.server.com 110 \
> > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > >
> > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > > -s $IPADDR $UNPRIVPORTS \
> > > -d pop.dnvr.uswest.net 110 -j ACCEPT
> > >
> > > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > -s pop.dnvr.uswest.net 110 \
> > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > >
> > > This problem has plagued me for a long time. Is there anything special that
> > > needs to be done for mail to be sent thru? Any ideas?
> > >
> > > Justin
> > >
> > > ____________________________________________________________________
> > > Get your own FREE, personal Netscape WebMail account today at
> > > http://webmail.netscape.com.
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug