[Firehol-support] Newbie question. NAT / DNAT? or port redirection ?
Andre Marenke
andre.marenke at ampwest.com.au
Wed Feb 11 06:36:02 GMT 2004
G'day
On Wed, 2004-02-11 at 17:09, Alejandro Pizano wrote:
> We received also an email account from our ISP, you know, a pop3 / smtp
> account on their server (fixed ip).
> On one windows pc (local lan 192.168.1.6) I tried to configure outlook in
> order to access the mail account, so I started my research. I know it has
> something to do with IPTABLES
Using Firehol, you won't have to deal with iptables yourself. Firehol is a
bash script frontend, which in turn generates the iptables rules for you.
> First I allowed connection to smtp (25), pop3 (110) and imap ports. I only
> got this: Error unable to connect to server.
Going by your configuration below, you have allowed access to
smtp/pop/imap from your lan to your server as well as from the internet
to your server. See corrections below.
> Could someone please tell me what to do, what I'm doing wrong, or what to
> read?
Read all the documentation at firehol.sf.net again. In itself it
provides a great start to understanding firewalls. Create rules, restart
firehol, and see how the iptables rules change (using `firehol status`).
Try the following script for a very basic setup and then add in more as
you read the manual to tighten your firewall.
(my comments prefixed with *)
# Internal Network IP Address
*lan_ips="192.168.1.0"
* Leave this line out at the beginning. You are not using it in your
script. Once everything is working, you can tag this on to your routers
using the src/dst tags.
# Transparent Proxy
transparent_squid 8080 "squid root" inface eth1
# My LAN. Everything is allowed here.
interface eth1 lan
server samba accept
server squid accept
server ssh accept
*# server http accept
*# server pop3 accept
*# server smtp accept
server dhcp accept
*# server imap accept
policy reject
* If your server does not have pop/smtp/http/imap running, leave those
servers out. For outgoing connections, you'll have to define a router.
interface eth0 internet
protection strong 10/sec 10
*# server pop3 accept
*# server smtp accept
server dhcp accept
*# server imap accept
server ssh accept
*# server http accept
server ident reject with tcp-reset
client all accept
* same as above.
*router lan2internet inface eth1 outface eth0
* masquerade
* route pop3 accept
* route smtp accept
* route imap accept
* You want to route traffic from your lan to the internet. That's why
you need to specify those services here. They are supposed to pass from
interface eth1 to eth0. Changed the router name to make it sound more
logical, and fixed the masquerading.
Have a go with this script and you should be fine.
Cheers
Andre
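The pieces above, assembled into one pasteable /etc/firehol/firehol.conf. This is an added example, not part of Andre's reply or of the FireHOL project's own documentation. It assumes the same interface names (eth1 = LAN, eth0 = internet), that the LAN is 192.168.1.0/24 (the post wrote 192.168.1.0 without a mask), that only samba, squid, ssh and dhcp run on the firewall host itself, and that the mail services are consumed from the LAN, so they only appear in the router, not as servers on either interface:

```firehol
# /etc/firehol/firehol.conf  (added example; assumes eth1 = LAN, eth0 = internet)

version 5

# Internal network. "192.168.1.0" in the post had no mask; /24 is an assumption.
# Not referenced yet: once everything works, restrict the router with it,
# e.g. by adding  src "${lan_ips}"  to the router line below.
lan_ips="192.168.1.0/24"

# Transparent proxy: LAN HTTP requests arriving on eth1 are redirected to
# squid listening on port 8080, run as user "squid", group "root".
transparent_squid 8080 "squid root" inface eth1

# LAN side: only the services this host really runs. No pop3/smtp/imap/http
# here, because this host is not a mail or web server.
interface eth1 lan
        server samba accept
        server squid accept
        server ssh accept
        server dhcp accept
        policy reject

# Internet side: admin access only, plus whatever this host initiates itself.
interface eth0 internet
        protection strong 10/sec 10
        server ssh accept
        server dhcp accept
        server ident reject with tcp-reset
        client all accept

# Forwarded traffic from the LAN to the internet. The Outlook session from
# 192.168.1.6 to the ISP's fixed-IP mail server passes through here.
# "masquerade" inside a router applies to the outface (eth0), so the private
# source address is rewritten to the firewall's public one and replies are
# de-NATed on the way back.
router lan2internet inface eth1 outface eth0
        masquerade
        route pop3 accept
        route smtp accept
        route imap accept
```

Load it with `firehol try`, which activates the new rules and rolls them back unless you confirm, so a mistake cannot lock you out of ssh. Then `firehol status` (or `iptables -t nat -nL POSTROUTING`) should show a MASQUERADE rule leaving eth0, and from 192.168.1.6 a plain `telnet <isp-mail-server> 110` should now return the server's POP3 banner instead of a connection error. If the banner appears but Outlook still fails, the remaining problem is the mail client's settings, not the firewall.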