I don't think LEAF can handle the first of the problems you have. I think the relevant host has to handle them. But possibly I am misunderstanding what you need, so please see the more detailed response below.
Whether you can do what you want with respect to the second question depends, I think, on specifics of your setup that you left out of your description. Again, see the more detailed response below.

At 07:51 PM 5/10/02 -0300, Omar Vasquez wrote:
>Hello fellow LRP/Leaf users:
>
>I am using LRP (Eigerstein BETA 2) to provide Internet connectivity and
>to protect a small company LAN.
>
>There are two situations that I need to solve with LRP:
>
>1.- An internal mail system is running on the LAN, but would like to
>restrict SMTP, IMAP and POP traffic so only authorized users or machines
>can send/receive mail to/from the outside.

Since clients actually on the LAN don't go through the LEAF router to connect to the server running the "internal mail system", you can't use it to restrict access by those machines to it (except by an extremely convoluted approach).

With respect to off-LAN traffic, if you can associate "authorized users or machines" with specific IP addresses or ranges, you can modify the INPUT chain in ipchains to accept port 25-bound traffic (or 110 or whichever port IMAP uses) only from those addresses. But that's not what people usually have in mind here.

OTOH, decent SMTP, POP3, and IMAP servers come with a range of possible authentication schemes designed to restrict who can use the services. So I suspect you will do better to solve this one at your mail server.

>2.- A proxy server (Squid) is running, but would like to redirect all
>http traffic at the firewall, so if users configure their browsers not
>to use the proxy, all requests for web traffic at the gateway go to the
>proxy server...(a transparent proxy, right?)

I assume here that the "firewall" and the "gateway" both refer to the LEAF router, but it's not clear if the Squid proxy server is also that same host or is a different one on the LAN. Please clarify that part.

Also please clarify if your LAN uses private addresses and a NATing LEAF firewall, or if the hosts on it have their own "real" IP addresses. (And do you really want to proxy *only* http traffic, and not, say, https traffic?)

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                  [EMAIL PROTECTED]
----------------------------------------------------------------
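
The address-based filtering mentioned in the reply above, sketched as an added example that is not part of the original message: a shell function that validates an allowlist and prints the matching ipchains rules for review instead of applying them. The internal interface name `eth1`, the sample addresses and the helper names `valid_ip` and `mail_rules` are assumptions; 143 is the standard IMAP port.

```shell
#!/bin/sh
# Added example: print ipchains rules that let only allowlisted LAN hosts
# reach outside mail servers through the router. Rules are printed, not
# applied; they must sit ahead of any broader ACCEPT rule in the input chain.
# Assumed: eth1 is the internal interface; sample addresses are constructed.

MAIL_PORTS="25 110 143"   # SMTP, POP3, IMAP

# valid_ip ADDR -> 0 if ADDR is a dotted quad with each octet in 0-255
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# mail_rules IFACE ADDR... -> prints the rules; returns 1 on a bad address
mail_rules() {
    iface=$1; shift
    # Refuse to emit anything if a single entry is malformed, so a typo
    # cannot produce a partial rule set.
    for addr in "$@"; do
        valid_ip "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    for port in $MAIL_PORTS; do
        for addr in "$@"; do
            echo "ipchains -A input -i $iface -p tcp -s $addr -d 0.0.0.0/0 $port -j ACCEPT"
        done
        # Everything else bound for this port is dropped and logged (-l).
        echo "ipchains -A input -i $iface -p tcp -d 0.0.0.0/0 $port -j DENY -l"
    done
}

# Usage (review the output before running it on the router):
#   mail_rules eth1 192.168.1.10 192.168.1.11
```

As the reply notes, this only governs traffic that crosses the router; LAN clients talking directly to the internal mail server never reach these rules.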
