[Firehol-support] Newbie question. NAT / DNAT? or port redirection ?

Alejandro Pizano petkill at hotmail.com
Wed Feb 11 06:09:15 GMT 2004


Hi, good day

I'm a newbie working with firewalls. I know about the basics, allowing some
ports, etc.

My "problem" is this one: I have a little LAN (6 Windows PCs) and a Linux
box as a file server (Samba).

2 weeks ago my boss suggested that I share an internet connection; this is a
cable, dynamic IP internet connection. OK, no problem, Squid as the HTTP
proxy. Everything was fine.

But .........

We also received an email account from our ISP, you know, a POP3 / SMTP
account on their server (fixed IP).
On one Windows PC (local LAN 192.168.1.6) I tried to configure Outlook in
order to access the mail account, so I started my research. I know it has
something to do with IPTABLES.

First I allowed connections to the SMTP (25), POP3 (110) and IMAP ports. I only
got this: Error unable to connect to server.

I've been reading the "how tos" at iptables.org and I think it has something
to do with NAT / DNAT or maybe port redirection, but after two weeks I
haven't made it work and I don't have an idea of how to do it.

Could someone please tell me what to do? What am I doing wrong? Or what to
read?

Excuse me if this has nothing to do with iptables, but it's the only thing I
can think of to fix this problem.

{ISP's  }     eth0    [ Linux   ]   eth1   [ 192.168.1.6    ]
{Mail   } ---------> [  box    ]  ----->  [  Mail reader    ]
{server}     dhcp   [ RH 9.0 ]   Lan    [    smtp pop3   ]

My script  (at least the only one that works)

##################################################
# Require release 5 of FireHOL configuration directives
version 5

# Internal Network IP Address
lan_ips="192.168.1.0"

# Transparent Proxy
transparent_squid 8080 "squid root" inface eth1

# My LAN. Everything is allowed here.
interface eth1 lan
         server  samba   accept
         server  squid   accept
         server  ssh     accept
         server  http    accept
         server  pop3    accept
         server  smtp    accept
         server  dhcp    accept
         server  imap    accept
         policy  reject

interface eth0 internet
         protection      strong  10/sec 10
         server  pop3    accept
         server  smtp    accept
         server  dhcp    accept
         server  imap    accept
         server  ssh     accept
         server  http    accept
         server  ident   reject with tcp-reset
         client  all     accept


router internet2lan inface eth1 outface eth0
         masquerade      reverse
         client  all     accept
