[RE: [lug] Sending POP email thru firewall]

Andrew Diederich andrew at NETdelivery.com
Tue Jul 11 15:33:46 MDT 2000


I believe forward rules use the same input and output devices 
as output rules, so you should use -i $INTERNAL_INTERFACE instead.

--
Andrew
> -----Original Message-----
> From: Justin [mailto:glowecon at netscape.net]
> Subject: Re: [RE: [lug] Sending POP email thru firewall]
> 
> 
> That was poorly worded I guess. I am having troubles sending mail from behind
> my ipchains firewall, I can receive the email fine from POP mail servers. Now
> that I think about it I need to check how my firewall handles port 25 and not
> the POP stuff, hehe. The following is what I have for SMTP handling:
> 
> SMTP_SERVER="my.mailserver.com"
> 
> # SMTP client (25)
> # ----------------
> ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> -s $IPADDR $UNPRIVPORTS \
> -d $SMTP_SERVER 25 -j ACCEPT 
> 
> ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> -s $SMTP_SERVER 25 \
> -d $IPADDR $UNPRIVPORTS -j ACCEPT 
> 
> Plus my MASQ entry:
> ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ
> 
> Does that look correct? 
> 
> Justin
> > > Sent: Tuesday, July 11, 2000 12:59 PM
> > > To: BLUG
> > > Subject: [lug] Sending POP email thru firewall
> > >
> > >
> > > I have some client machines that are having trouble sending POP email thru
> > > my ipchains firewall. Every time I try to send an email I get a connection
> > > time out because the pop server cannot be contacted. I can receive mail just
> > > fine however. Another thing is, while trying to watch the packets go thru the
> > > firewall with sniffit I noticed that when the local interface is in
> > > promiscuous mode the mail goes thru. I have the following rules for POP
> > > input/output:
> > >
> > > EXTERNAL_INTERFACE="eth1"
> > > LOCAL_INTERFACE_1="eth0"
> > > IPADDR="my.ip.adress"
> > > LOCALNET_1="192.168.1.0/24"
> > > UNPRIVPORTS="1024:65535"
> > >
> > > # POP client (110)
> > > # ----------------
> > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > > -s $IPADDR $UNPRIVPORTS \
> > > -d mypop.server.com 110 -j ACCEPT
> > >
> > > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > -s mypop.server.com 110 \
> > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > >
> > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > > -s $IPADDR $UNPRIVPORTS \
> > > -d pop.dnvr.uswest.net 110 -j ACCEPT
> > >
> > > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > -s pop.dnvr.uswest.net 110 \
> > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > >
> > > This problem has plagued me for a long time. Is there anything special that
> > > needs to be done for mail to be sent thru? Any ideas?
> > >
> > > Justin

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug



