[RE: [RE: [lug] Sending POP email thru firewall]]

Justin glowecon at netscape.net
Tue Jul 11 15:36:24 MDT 2000


This doesn't work for MASQ'ing in general or when trying to send email thru
the firewall?

justin

"George Sexton" <gsexton at mhsoftware.com> wrote:
> Change:
> 
> ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ
> 
> to
> 
> ipchains -A forward -s $LOCALNET_1 -j MASQ
> 
> What you are attempting to do makes logical sense, but I know from
> experience it doesn't work.
> 
> I got bit severely by this a couple of weeks ago, and it took me a while to
> get sorted out.
> 
> George Sexton
> MH Software, Inc.
> Voice: 303 438 9585
> http://www.mhsoftware.com
> 
> 
> > -----Original Message-----
> > From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us] On
> > Behalf Of Justin
> > Sent: Tuesday, July 11, 2000 3:08 PM
> > To: lug at lug.boulder.co.us
> > Subject: Re: [RE: [lug] Sending POP email thru firewall]
> >
> >
> > That was poorly worded I guess. I am having troubles sending mail from behind
> > my ipchains firewall, I can receive the email fine from POP mail servers. Now
> > that I think about it I need to check how my firewall handles port 25 and not
> > the POP stuff, hehe. The following is what I have for SMTP handling:
> >
> > SMTP_SERVER="my.mailserver.com"
> >
> > # SMTP client (25)
> > # ----------------
> > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > -s $IPADDR $UNPRIVPORTS \
> > -d $SMTP_SERVER 25 -j ACCEPT
> >
> > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > -s $SMTP_SERVER 25 \
> > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> >
> > Plus my MASQ entry:
> > ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ
> >
> > Does that look correct?
> >
> > Justin
> >
> > "George Sexton" <gsexton at mhsoftware.com> wrote:
> > > There really is no such thing as "sending POP email". POP is a protocol for
> > > retrieving Email.
> > >
> > > SMTP (port 25) is used for sending Email.
> > >
> > > Is your problem really related to retrieving POP messages, or sending Email?
> > >
> > > > -----Original Message-----
> > > > From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us] On
> > > > Behalf Of Justin
> > > > Sent: Tuesday, July 11, 2000 12:59 PM
> > > > To: BLUG
> > > > Subject: [lug] Sending POP email thru firewall
> > > >
> > > >
> > > > I have some client machines that are having trouble sending POP email thru
> > > > my ipchains firewall. Every time I try to send an email I get a connection
> > > > time out because the pop server cannot be contacted. I can receive mail just
> > > > fine however. Another thing is, while trying to watch the packets go thru the
> > > > firewall with sniffit I noticed that when the local interface is in
> > > > promiscuous mode the mail goes thru. I have the following rules for POP
> > > > input/output:
> > > >
> > > > EXTERNAL_INTERFACE="eth1"
> > > > LOCAL_INTERFACE_1="eth0"
> > > > IPADDR="my.ip.adress"
> > > > LOCALNET_1="192.168.1.0/24"
> > > > UNPRIVPORTS="1024:65535"
> > > >
> > > > # POP client (110)
> > > > # ----------------
> > > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > > > -s $IPADDR $UNPRIVPORTS \
> > > > -d mypop.server.com 110 -j ACCEPT
> > > >
> > > > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > > -s mypop.server.com 110 \
> > > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > > >
> > > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
> > > > -s $IPADDR $UNPRIVPORTS \
> > > > -d pop.dnvr.uswest.net 110 -j ACCEPT
> > > >
> > > > ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > > -s pop.dnvr.uswest.net 110 \
> > > > -d $IPADDR $UNPRIVPORTS -j ACCEPT
> > > >
> > > > This problem has plagued me for a long time. Is there anything special that
> > > > needs to be done for mail to be sent thru? Any ideas?
> > > >
> > > > Justin
> > > >
> > > > ____________________________________________________________________
> > > > Get your own FREE, personal Netscape WebMail account today at
> > > http://webmail.netscape.com.
> > >
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

