> I know this is off topic, so feel free to shun me or ignore me if you will,
> but I think I will probably find people who have had / are having the same
> problem here...
>
> That said, I am trying to get the ("A serious example") ipchains 3 interface
> setup from the ipchains howto working, and it is giving me nightmares.
>
> I set it up just like it is in the example, but I am having trouble with DNS
> and SMTP services.
>
> I can receive mail, but I just can't send it. In addition, I cannot do a DNS
> lookup from outside our network.  I have two DNS servers located in our DMZ,
> and I guess my question is aimed at any IPchains gurus.
>
> my question:
>
> for a DMZ with a default (bad-DMZ & DMZ-bad) of DENY, what rules do I need
> (in the bad-DMZ and DMZ-bad chains) to host an smtp server that can send and
> receive mail?  I have tried opening up access to port 25, and allowing it,
> and allowing access to other machines destined for port 25 (I thought this
> would work). Ditto for the DNS servers. Everything else works great.

Not too off-topic, really, but to help much I'd have to see your existing
rules.  In general, for a server system in your DMZ, you need to allow
inbound traffic, including start-of-connection packets to the server, and
allow the return traffic back out to the internet.  For your situation
(receiving e-mail, but can't send), the missing piece is likely outbound
start-of-connection packets.  There's nothing particular about e-mail (smtp)
vs other protocols, like http, or dns, but you don't mention what
"everything else" is, other than it works great...not enough information to
effectively debug what's wrong.

It would also help to know which distribution you started with.

NOTE:  The default Dachstein scripts include DMZ support that covers most
'typical' installations...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
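
The rule pairs described in the reply above, written out as an added example that is not part of the original thread and is neither the poster's rule set nor the Dachstein scripts. The chain names (written lowercase), the 192.0.2.x addresses and the dry-run `IPCHAINS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Dry run by default: rules are printed, not loaded.
# Set IPCHAINS=/sbin/ipchains to apply them on an ipchains (2.2 kernel) firewall.
IPCHAINS=${IPCHAINS:-echo ipchains}
IN=${IN:-bad-dmz}      # internet -> DMZ chain, default DENY (name assumed)
OUT=${OUT:-dmz-bad}    # DMZ -> internet chain, default DENY (name assumed)
ANY=0.0.0.0/0
HI=1024:65535          # unprivileged ports used by the connecting side

# tcp_service HOST PORT: remote clients connect in to HOST:PORT.
tcp_service() {
    # Inbound, SYN included, so a connection can start.
    $IPCHAINS -A "$IN" -p tcp -s $ANY $HI -d "$1" "$2" -j ACCEPT
    # Return traffic only: "! -y" rejects a bare SYN from the service port.
    $IPCHAINS -A "$OUT" -p tcp ! -y -s "$1" "$2" -d $ANY $HI -j ACCEPT
}

# tcp_client HOST PORT: HOST opens connections out to remote PORT.
tcp_client() {
    # Outbound start-of-connection packets (what sending mail needs).
    $IPCHAINS -A "$OUT" -p tcp -s "$1" $HI -d $ANY "$2" -j ACCEPT
    # Replies to those connections; a new inbound SYN does not match.
    $IPCHAINS -A "$IN" -p tcp ! -y -s $ANY "$2" -d "$1" $HI -j ACCEPT
}

# UDP has no SYN flag and ipchains keeps no state, so each direction is
# matched by port alone. Caveat: udp_client admits any packet sourced from PORT.
udp_service() {
    $IPCHAINS -A "$IN" -p udp -s $ANY -d "$1" "$2" -j ACCEPT
    $IPCHAINS -A "$OUT" -p udp -s "$1" "$2" -d $ANY -j ACCEPT
}
udp_client() {
    $IPCHAINS -A "$OUT" -p udp -s "$1" -d $ANY "$2" -j ACCEPT
    $IPCHAINS -A "$IN" -p udp -s $ANY "$2" -d "$1" -j ACCEPT
}

dmz_rules() {
    mail=192.0.2.25                  # constructed address
    tcp_service "$mail" 25           # receive mail
    tcp_client "$mail" 25            # send mail
    for ns in 192.0.2.53 192.0.2.54; do   # constructed addresses
        for proto in udp tcp; do
            "${proto}_service" "$ns" 53   # answer outside lookups
            "${proto}_client" "$ns" 53    # resolve names on the internet
        done
    done
}

dmz_rules
```

Comparing this output with `ipchains -L bad-dmz -n` and `ipchains -L dmz-bad -n` on the firewall shows which direction of a pair is missing.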



_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user