[lug] SMTP mail thru firewall

Andrew Diederich andrew at NETdelivery.com
Wed Jul 12 11:11:21 MDT 2000


Have you tried telnetting to port 25 from inside?  If you don't see
return chars (sendmail version blah, etc.) then it may be the
return leg that is your problem, not the outgoing.  Though the
de-masqing should happen automatically.  

I was bas-ackwards before, you should use the -i external
interface.  That'll teach me to type away without looking at
my scripts.  Below is a generic MASQ rule I stole from somewhere:

# masquerade from local net on local interface to anywhere
#
ipchains -A forward -i $EXTINT -s $INTNET -d 0/0 -j MASQ

and putting logging on your deny rules should really help.

--
Andrew

> -----Original Message-----
> From: Justin [mailto:glowecon at netscape.net]
> Sent: Wednesday, July 12, 2000 10:06
> To: BLUG
> Subject: [lug] SMTP mail thru firewall
> 
> 
> Well I tried changing my MASQ line to not include the '-i $INTERFACE' part
> and I still couldn't get my smtp mail to go out. I can, however, see the
> mail msg hitting my mail server but the maillog shows the connection timing
> out:
> 
> Jul 11 23:35:54 localhost postfix/smtpd[9013]: connect from
> ns2.mydomain.com[63.228.xx.xx]
> Jul 11 23:35:54 localhost postfix/smtpd[9013]: 50F5A57BFE:
> client=ns2.mydomain.com[63.228.xx.xx]
> Jul 11 23:40:59 localhost postfix/smtpd[9013]: timeout after DATA from
> ns2.mydomain.com[63.228.xx.xx]
> Jul 11 23:40:59 localhost postfix/smtpd[9013]: disconnect from
> ns2.mydomain.com[63.228.xx.xx]
> 
> ns2 being the machine with the firewall and the clients behind it. This
> error happened whether or not I included the -i $INTERFACE part of my MASQ
> entry. One interesting thing is that when the internal interface on the
> firewall box is in promiscuous mode, the mail shoots right thru. Not sure
> what that means exactly...any other thoughts?
> 
> Justin
> 

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
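
Added example, not part of the original thread: a Python script that reads a maillog excerpt like the one quoted above, rejoins entries that a mail client wrapped, and reports each postfix/smtpd session that ended in a timeout, with the SMTP stage and the seconds elapsed since connect. The second sample session (pid 9020, client.example.net) and the `year` default are constructed assumptions.

```python
import re
from datetime import datetime

# Excerpt as quoted in the thread (quote markers removed, mail wrapping kept),
# plus one constructed session (pid 9020) that disconnects normally.
SAMPLE = """\
Jul 11 23:35:54 localhost postfix/smtpd[9013]: connect from
ns2.mydomain.com[63.228.xx.xx]
Jul 11 23:35:54 localhost postfix/smtpd[9013]: 50F5A57BFE:
client=ns2.mydomain.com[63.228.xx.xx]
Jul 11 23:40:59 localhost postfix/smtpd[9013]: timeout after DATA from
ns2.mydomain.com[63.228.xx.xx]
Jul 11 23:40:59 localhost postfix/smtpd[9013]: disconnect from
ns2.mydomain.com[63.228.xx.xx]
Jul 11 23:41:10 localhost postfix/smtpd[9020]: connect from client.example.net[192.0.2.10]
Jul 11 23:41:11 localhost postfix/smtpd[9020]: disconnect from client.example.net[192.0.2.10]
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(\d+)\]: (.*)$")
TIMEOUT = re.compile(r"^timeout after (\S+) from (\S+)$")

def unwrap(text):
    """Rejoin entries that a mail client wrapped onto a second line."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def stalled_sessions(text, year=2000):
    """Return (pid, client, smtp_stage, seconds_since_connect) per timeout."""
    started, found = {}, []
    # Syslog stamps carry no year, so the caller supplies one.
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        pid, msg = m.group(2), m.group(3)
        if msg.startswith("connect from "):
            started[pid] = when
        elif (t := TIMEOUT.match(msg)) and pid in started:
            wait = int((when - started[pid]).total_seconds())
            found.append((pid, t.group(2), t.group(1), wait))
    return found

if __name__ == "__main__":
    print(stalled_sessions(SAMPLE))
```

Sessions are keyed by smtpd pid, so a pid reused for a later connection simply restarts the clock for that pid.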



