[RE: [lug] Sending POP email thru firewall]
Andrew Diederich
andrew at NETdelivery.com
Tue Jul 11 15:33:46 MDT 2000
I believe forward rules use the same input and output devices
as output rules, so you should use -i $INTERNAL_INTERFACE instead.
--
Andrew
> -----Original Message-----
> From: Justin [mailto:glowecon at netscape.net]
> Subject: Re: [RE: [lug] Sending POP email thru firewall]
>
>
> That was poorly worded I guess. I am having trouble sending mail from behind
> my ipchains firewall, I can receive the email fine from POP mail servers. Now
> that I think about it I need to check how my firewall handles port 25 and not
> the POP stuff, hehe. The following is what I have for SMTP handling:
>
> SMTP_SERVER="my.mailserver.com"
>
> # SMTP client (25)
> # ----------------
> ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
> -s $IPADDR $UNPRIVPORTS \
> -d $SMTP_SERVER 25 -j ACCEPT
>
> ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> -s $SMTP_SERVER 25 \
> -d $IPADDR $UNPRIVPORTS -j ACCEPT
>
> Plus my MASQ entry:
> ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ
>
> Does that look correct?
>
> Justin
> > > Sent: Tuesday, July 11, 2000 12:59 PM
> > > To: BLUG
> > > Subject: [lug] Sending POP email thru firewall
> > >
> > >
> > > I have some client machines that are having trouble sending POP email thru
> > > my ipchains firewall. Every time I try to send an email I get a connection
> > > time out because the pop server cannot be contacted. I can receive mail just
> > > fine however. Another thing is, while trying to watch the packets go thru the
> > > firewall with sniffit I noticed that when the local interface is in
> > > promiscuous mode the mail goes thru. I have the following rules for POP
> > > input/output:
> > >
> > > EXTERNAL_INTERFACE="eth1"
> > > LOCAL_INTERFACE_1="eth0"
> > > IPADDR="my.ip.adress"
> > > LOCALNET_1="192.168.1.0/24"
> > > UNPRIVPORTS="1024:65535"
> > >
> > > # POP client (110)
> > > # ----------------
> > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
> > > -s $IPADDR $UNPRIVPORTS \
> > > -d mypop.server.com 110 -j ACCEPT
> > >
> > > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > -s mypop.server.com 110 \
> > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > >
> > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
> > > -s $IPADDR $UNPRIVPORTS \
> > > -d pop.dnvr.uswest.net 110 -j ACCEPT
> > >
> > > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > -s pop.dnvr.uswest.net 110 \
> > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > >
> > > This problem has plagued me for a long time. Is there anything special that
> > > needs to be done for mail to be sent thru? Any ideas?
> > >
> > > Justin
> > >
> > >
> ____________________________________________________________________
> > > Get your own FREE, personal Netscape WebMail account today at
> > http://webmail.netscape.com.
> >
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug