[Firehol-support] Firehol port forward to internal system

Joe Matuscak matuscak at rohrer.com
Mon Jan 26 21:39:40 GMT 2015


That did it.

Thanks for the help.

----- Original Message -----
> You need to dnat traffic towards your Internet public IP to your mail
> server.
> Add this at the top of your config:
> 
> dnat to 192.168.252.26 inface eth0 dst 104.236.X.X proto tcp dport 25
> 
> With this statement all traffic to your public ip 104.236.X.X port
> tcp/25, will be sent to 192.168.252.26.
> 
> The server smtp accept statement at the first interface is not needed.
> Apparently you do not run an smtp server there, hence the connection
> refused message.
> 
> Costa
> 
> 
> On Mon, Jan 26, 2015 at 5:20 PM, Joe Matuscak <matuscak at rohrer.com> wrote:
> > I'm trying to forward SMTP traffic from the Internet-facing interface of the
> > host I'm running Firehol on to a mail server on the other side of an OpenVPN
> > tunnel, like this:
> >
> > Internet-->Firehol/OpenVPN host-->OpenVPN Tunnel-->Routing host-->Mail server
> >
> > The hosts are running CentOS 6.6.
> > The routing host is at 192.168.252.25.
> > The mail server is at 192.168.252.26.
> >
> > I can send outbound traffic from the mail server to the Internet over the
> > OpenVPN tunnel without a problem.
> >
> > I can connect to the SMTP port on the mail server from the Firehol host, but
> > I can't get the access from the Internet working.
> >
> > Here's my firehol.conf file:
> >
> > # External interface
> > interface4 eth0 external src not "${UNROUTABLE_IPS}" dst 104.236.X.X
> > policy reject
> > protection strong
> >
> > server smtp accept
> >
> > server ICMP accept
> > server openvpn accept
> > server ssh accept
> > client all accept
> >
> > # VPN tunnel to DMZ network which is trusted
> > interface4 tun0 vpntun
> > policy accept
> > client all accept
> >
> > # Route from LAN tunnel to external
> > router4 Tun2Internet inface tun0 outface eth0 dst not "${UNROUTABLE_IPS}"
> > masquerade
> > route all accept
> >
> > # Route from Internet to mail server
> > router4 Internet2Tun inface eth0 outface tun0
> > server smtp accept dst 192.168.252.26
> >
> > When I try to connect to the Firehol host external IP port 25, I get
> > a connection refused.
> >
> > What am I missing?
> >
> > TIA.
> >
> > --
> > Thanks,
> >
> > Joe Matuscak | Director of Technology
> > Rohrer Corporation | Office: 330-335-1541
> > 717 Seville Road | Wadsworth, Ohio 44281
> > www.rohrer.com | A Better Package
> >
> > _______________________________________________
> > Firehol-support mailing list
> > Firehol-support at lists.firehol.org
> > http://lists.firehol.org/mailman/listinfo/firehol-support
> 

--
Thanks,

Joe Matuscak | Director of Technology
Rohrer Corporation | Office: 330-335-1541
717 Seville Road | Wadsworth, Ohio 44281
www.rohrer.com | A Better Package
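For reference, here is the complete firehol.conf from the thread with Costa's fix applied. This is an added example assembled from the posted config and the reply, not a file anyone in the thread posted; it assumes FireHOL 1.x syntax (the version shipped for CentOS 6) and keeps the public address elided as 104.236.X.X exactly as in the thread. The comments explain why the dnat line goes first and why the smtp server statement on eth0 was wrong.

```firehol
# Added example: Joe's config with the dnat fix from the thread applied.
# Assumes FireHOL 1.x; 104.236.X.X is the elided public IP from the thread.

# Helper commands such as dnat must come before any interface or router
# definition. This rewrites the destination of inbound tcp/25 on eth0
# from the public IP to the mail server behind the tunnel. DNAT runs in
# the nat PREROUTING chain, so by the time the filter rules see the packet
# its destination is 192.168.252.26 and it is a *forwarded* packet: it is
# matched by the Internet2Tun router below, not by the eth0 interface.
dnat to 192.168.252.26 inface eth0 dst 104.236.X.X proto tcp dport 25

# External interface: only traffic addressed to this host itself.
interface4 eth0 external src not "${UNROUTABLE_IPS}" dst 104.236.X.X
    policy reject
    protection strong

    # "server smtp accept" removed: nothing listens on tcp/25 on this host,
    # which is exactly why the original attempt got "connection refused"
    # (the firewall accepted the packet and the local TCP stack rejected it).
    server ICMP accept
    server openvpn accept
    server ssh accept
    client all accept

# VPN tunnel to DMZ network which is trusted
interface4 tun0 vpntun
    policy accept
    client all accept

# Route from LAN tunnel to external. The masquerade here is for traffic the
# mail server originates; replies to DNATed connections are un-NATed by
# conntrack on the way back and do not need it.
router4 Tun2Internet inface tun0 outface eth0 dst not "${UNROUTABLE_IPS}"
    masquerade
    route all accept

# Route from Internet to mail server: this is what the DNATed packets hit.
# Only tcp/25 to the mail server is allowed through; everything else that
# might be DNATed in future still needs its own accept here.
router4 Internet2Tun inface eth0 outface tun0
    server smtp accept dst 192.168.252.26
```

Two checks worth doing after `firehol start`. On the Firehol host, `iptables -t nat -vnL PREROUTING` should show a DNAT rule for tcp dpt:25 to 192.168.252.26 with its packet counter rising while you run `nc -vz 104.236.X.X 25` from an outside host, and `tcpdump -ni tun0 tcp port 25` should show the SYN leaving over the tunnel with the outside client's real source address. Because the source is not rewritten, the mail server and the routing host at 192.168.252.25 must route replies to arbitrary Internet addresses back through the tunnel; the thread confirms this already holds, since outbound mail from 192.168.252.26 goes out over the tunnel, but if that default route ever changes the forward will silently stop working even though the DNAT rule is still present.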