OK - I'm still stuck. Could anyone help me out?
I've got a range of IP addresses....
213.107.212.9 (adsl modem)
213.107.212.10 (firewall WAN interface)
213.107.212.11 (incoming email comes to this address)
213.107.212.12 (DMZ - not used yet)
Trying to let incoming mail through to the mail server (213.107.212.11
>>
mail server 192.168.175.1)
With help i've got:
assign extra IP's to the external interface:
eth0_IP_EXTRA_ADDRS="213.107.212.11 213.107.212.12"
allow e-mail traffic through the firewall filters with the following:
EXTERN_TCP_PORT0="0/0 smtp 213.107.212.11"
port-forward the traffic to your exchange server:
INTERN_SERVERS="tcp_213.107.212.11_smtp_192.168.175.1_smtp"
But, still no joy. In particular, I notice that
the addition IPs i've added have a different subnet entry to the primary
eth0 : is this OK?
I can ping the firewall eth0 interface IPs (apart from the .11 for some
reason?) from the internet (which I couldn't do with the old firewall) :
is this a bad setup by me?
Thanks for ANY help!!
Cheers,
Matt W
************************************************************************
****
1: lo: mtu 3924 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: eth0: mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:60:08:5e:90:46 brd ff:ff:ff:ff:ff:ff
inet 213.107.212.10/29 brd 213.107.212.15 scope global eth0
inet 213.107.212.11/32 scope global eth0
inet 213.107.212.12/32 scope global eth0
3: eth1: mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:08:c7:39:af:07 brd ff:ff:ff:ff:ff:ff
inet 192.168.175.9/24 brd 192.168.175.255 scope global eth1
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
213.107.212.8 0.0.0.0 255.255.255.248 U 0 0 0
eth0
192.168.175.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1
0.0.0.0 213.107.212.9 0.0.0.0 UG 0 0 0
eth0
Chain input (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 5 -> *
1 64 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 13 -> *
0 0 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 14 -> *
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.175.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
213.107.212.10 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
213.107.212.11 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
213.107.212.12 0.0.0.0/0 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0
0.0.0.0/0 127.0.0.0/8 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0
0.0.0.0/0 192.168.175.0/24 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
33 2574 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 213.107.212.11 * -> 25
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 113
4 1071 ACCEPT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 REJECT udp ----l- 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 ACCEPT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 68
0 0 DENY udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 67
0 0 ACCEPT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
36 2160 ACCEPT icmp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 n/a
1 68 REJECT udp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 REJECT udp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 161:162 -> *
4231 329K ACCEPT all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 5 -> *
0 0 MASQ tcp ------ 0xFF 0x00 *
192.168.175.1 0.0.0.0/0 25 -> *
1715 135K MASQ all ------ 0xFF 0x00 eth0
192.168.175.0/24 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
3813 344K fairq all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0
240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 eth0
192.168.175.0/24 0.0.0.0/0 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
850 66300 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0
0.0.0.0/0 0.0.0.0/0 135 -> *
2963 277K ACCEPT all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
Chain fairq (1 references):
pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 520
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 520 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 179
12 480 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 179 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 53
66 2728 RETURN tcp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 53 -> *
724 60943 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN udp ------ 0xFF 0x00 * 0x1
0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 * -> 23
12 480 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 23 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 * -> 22
12 480 RETURN tcp ------ 0xFF 0x00 * 0x2
0.0.0.0/0 0.0.0.0/0 22 -> *
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.385 / Virus Database: 217 - Release Date: Sep/04/2002
-------------------------------------------------------
In remembrance
www.osdn.com/911/
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
