> Working on running a SMTP server inside the firewall that takes incoming
> SMTP traffic from outside the firewall. The below rules are not
> working. The firewall refuses connections. Any input on what's wrong?
>
> Thanks,
>
> internal mailserver = 192.168.1.2
>
> #$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp \
> #-s 0/0 \
> #--dport smtp -j DNAT --to-destination 192.168.1.2:25

this rule looks fine... you might want to replace the IP with $SMTP_HOST where SMTP_HOST=192.168.1.2

> #$PROG -A FORWARD -i $NIC_EXTERNAL -s 0/0 \
> #-o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport smtp \
> #-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

I guess you won't need RELATED if you don't want your server to start a new connection... there's either a new request for a connection or an established connection.

> #$PROG -A FORWARD -i $NIC_INTERNAL -s 192.168.1.2 \
> #-o $NIC_EXTERNAL -d 0/0 -p tcp \
> #-m state --state ESTABLISHED,RELATED -j ACCEPT

I'd add a --sport 25 to this rule...

Are you sure this is your firewall refusing the connection? I'm really just beginning to work with iptables, but from what I know or understand this is correct... Have you tried some extra logging? Where don't the packets go through?

> There's a great tutorial covering iptables: http://iptables-tutorial.frozentux.net

Regards,
Horst.
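The rule set discussed in this thread, put together as an added example (not code from either poster): the DNAT rule, both FORWARD rules with the suggested `--sport 25`, and a LOG rule at the end of FORWARD so the drop point shows up in the kernel log instead of being guessed. Interface names, the `SMTP_HOST` value and the `IPT` dry-run variable are assumptions; it also turns on `net.ipv4.ip_forward`, which is required for DNAT'd packets to be routed at all.

```shell
#!/bin/sh
# Build the SMTP port-forward rules. Arguments: external NIC, internal NIC,
# internal mail server IP. Set IPT=echo to print the commands without
# applying them (useful for review); otherwise run as root.
smtp_forward_rules() {
    ipt="${IPT:-iptables}"
    ext="${1:-eth0}"                 # external interface (assumed name)
    int="${2:-eth1}"                 # internal interface (assumed name)
    smtp_host="${3:-192.168.1.2}"    # internal mail server from the thread

    # Without IP forwarding the DNAT'd packets are silently discarded,
    # which looks exactly like "the firewall refuses connections".
    [ "$ipt" = "echo" ] || sysctl -w net.ipv4.ip_forward=1 >/dev/null

    # 1. Rewrite the destination of inbound SMTP to the internal server.
    "$ipt" -t nat -A PREROUTING -i "$ext" -p tcp --dport 25 \
        -j DNAT --to-destination "$smtp_host:25"

    # 2. Let the new connection and its follow-up packets through FORWARD.
    #    RELATED is kept so ICMP errors tied to the connection are not dropped.
    "$ipt" -A FORWARD -i "$ext" -o "$int" -d "$smtp_host" -p tcp --dport 25 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # 3. Let the server's replies back out, restricted to source port 25.
    "$ipt" -A FORWARD -i "$int" -o "$ext" -s "$smtp_host" -p tcp --sport 25 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 4. Log whatever FORWARD is about to drop (rate-limited), so the
    #    failing hop is visible in dmesg/syslog with the "FWD-DROP:" prefix.
    "$ipt" -A FORWARD -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DROP: " --log-level 4
}
```

Run `IPT=echo smtp_forward_rules eth0 eth1 192.168.1.2` first to see the exact commands, then without `IPT` to apply them.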