I'm running Dachstein Linux 4.0.6 with private.network at 192.168.1 and
dmz.network at 192.168.2.
The web server on dmz.network can be reached from the net.
Mail sent to the mail server on dmz.network returns an error message to the
sender.
I've tried varying the coding of the DMZ_OPEN_DEST and DMZ_SERVER parameters
in network.conf without success.
I've been assuming that it is a network.conf issue because I can send mail
from private.network to dmz.network and
I had successfully set up a mail server on private.network
(INTERNAL_SMTP_SERVER parm).
I tore it down prior to trying to move it to dmz.
My network.conf parameters and email error messages follow.
Bob

NETWORK.CONF PARAMETERS
###############################################################################
# Extended firewall configuration scripts
# By Charles Steinkuehler
# Version 1.3.2
# September 29, 2001
###############################################################################
###############################################################################
# General Settings
###############################################################################

VERBOSE=YES
MAX_LOOP=10

IPFWDING_KERNEL=FILTER_ON

IPALWAYSDEFRAG_KERNEL=YES

CONFIG_HOSTNAME=YES

CONFIG_HOSTSFILE=YES

CONFIG_DNS=NO

###############################################################################
# Interfaces
###############################################################################

IF_AUTO="eth1 eth2"
IF_LIST="$IF_AUTO"
ALLIF_ACCEPT_REDIRECTS=NO
DEF_IP_SPOOF=YES
DEF_IP_KRNL_LOGMARTIANS=YES
BRG_SWITCH=NO
BRG_EXEMPT_PROTOS=""
eth0_IPADDR=1.1.1.2
eth0_MASKLEN=30
eth0_BROADCAST=+
eth0_DEFAULT_GW=1.1.1.1
eth0_IP_SPOOF=YES
eth0_IP_KRNL_LOGMARTIANS=YES
eth0_IP_SHARED_MEDIA=NO
eth0_BRIDGE=NO
eth0_PROXY_ARP=NO
eth0_FAIRQ=NO
eth1_IPADDR=192.168.1.254
eth1_MASKLEN=24
eth1_BROADCAST=+
eth1_IP_SPOOF=YES
eth1_IP_KRNL_LOGMARTIANS=YES
eth1_IP_SHARED_MEDIA=NO
eth1_BRIDGE=NO
eth1_PROXY_ARP=NO
eth1_FAIRQ=NO
eth2_IPADDR=192.168.2.254
eth2_MASKLEN=24
eth2_BROADCAST=+
#eth2_ROUTES=
eth2_IP_SPOOF=YES
eth2_IP_KRNL_LOGMARTIANS=YES
eth2_IP_SHARED_MEDIA=NO
eth2_BRIDGE=NO
eth2_PROXY_ARP=NO
eth2_FAIRQ=NO
IPFILTER_SWITCH=firewall
SNMP_BLOCK=YES                  # Block all SNMP (YES/NO)
MRK_CRIT=1   # Critical traffic, routing, DNS
MRK_IA=2   # Interactive traffic - telnet, ssh, IRC
CLS_FAIRQ="${MRK_CRIT}_89_0/0 ${MRK_CRIT}_udp_0/0_route
${MRK_CRIT}_tcp_0/0_bgp ${MRK_CRIT}_tcp_0/0_domain
${MRK_CRIT}_udp_0/0_domain ${MRK_IA}_tcp_0/0_telnet ${MRK_IA}_tcp_0/0_ssh"
EXTERN_IF="eth0"  # External Interface
EXTERN_DHCP=YES   # YES/NO
IF_DHCP=$EXTERN_IF
EXTERN_DYNADDR=NO  # YES/NO
eval EXTERN_IP=\"\${"$EXTERN_IF"_IPADDR:-""}\"
if [ "$EXTERN_DHCP" = "YES" -o \
     "$EXTERN_DHCP" = "Yes" -o \
     "$EXTERN_DHCP" = "yes" -o \
     "$EXTERN_IP" = "DYNAMIC" ] ; then

  # This computes the IP address of $EXTERN_IF
  EXTERN_IP=`ip addr list label $EXTERN_IF | \
             grep inet | sed '1!d' | \
             sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`

  # If the external address is not configured, use a bogus address for the
  # external interface to prevent a bunch of (harmless) errors that spit out
  # when the IPCHAINS script is called.
  if [ x$EXTERN_IP = x ]; then
    EXTERN_IP=192.168.254.254
  fi
fi
IPCH_IN=/etc/ipchains.input
IPCH_FWD=/etc/ipchains.forward
IPCH_OUT=/etc/ipchains.output
client
EXTERN_UDP_PORTS="0/0_domain 0/0_bootpc"
INTERN_IF="eth1"  # Internal Interface
INTERN_NET=192.168.1.0/24 # One (or more) Internal network(s)
INTERN_IP=192.168.1.254  # IP number of Internal Interface
    # (to allow forwarding to external IP)
MASQ_SWITCH=YES   # Masquerade internal network to outside
DMZ_SWITCH=PRIVATE
DMZ_IF="eth2"
DMZ_NET=192.168.2.0/24
DMZ_SRC=1.1.1.0/27
DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
DMZ_HIGH_TCP_CONNECT=NO
DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
  tcp_${DMZ_NET}_domain
  tcp_${DMZ_NET}_www
  tcp_${DMZ_NET}_smtp"
DMZ_SERVER0="udp $EXTERN_IP domain 192.168.2.253 domain"
DMZ_SERVER1="tcp $EXTERN_IP domain 192.168.2.253 domain"
DMZ_SERVER2="tcp $EXTERN_IP www 192.168.2.253 www"
DMZ_SERVER3="tcp $EXTERN_IP smtp 192.168.2.253 smtp"
#DMZ_SERVER4="tcp 1.2.3.12 www 192.168.2.1 8080"
DMZ_OUTBOUND_ALL=YES
HOSTNAME=myrouter
HOSTS0="$eth1_IPADDR $HOSTNAME.private.network $HOSTNAME fw"
DOMAINS="private.network"
DNS0=127.0.0.1

EMAIL ERROR MESSAGES
Date: Fri, 27 Sep 2002 20:00:31 -0400
  From: "Bob Skaroff comcast.net" <[EMAIL PROTECTED]>
  Subject: test
  To: [EMAIL PROTECTED]
  Message-id: <000501c26682$1079e200$[EMAIL PROTECTED]>
  MIME-version: 1.0
  X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
  X-Mailer: Microsoft Outlook Express 6.00.2800.1106
  Content-type: text/plain; charset=iso-8859-1
  Content-transfer-encoding: 7BIT
  X-Priority: 3
  X-MSMail-priority: Normal

Your message is being returned; it has been enqueued and undeliverable for
3 days to the following recipients:

  Recipient address: [EMAIL PROTECTED]
  Reason: unable to deliver this message after 3 days


Delivery attempt history for your mail:

Tue,  1 Oct 2002 00:54:30 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Mon, 30 Sep 2002 20:51:20 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Mon, 30 Sep 2002 04:46:54 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Sun, 29 Sep 2002 13:25:19 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Sat, 28 Sep 2002 21:22:09 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Sat, 28 Sep 2002 19:18:59 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Sat, 28 Sep 2002 11:15:49 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Sat, 28 Sep 2002 03:12:18 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Fri, 27 Sep 2002 23:09:08 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Fri, 27 Sep 2002 22:05:58 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out

Fri, 27 Sep 2002 20:02:48 -0400 (EDT)
TCP active open: Failed connect()    Error: Connection timed out
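
Added example, not part of the post above and not code from the Dachstein scripts: a consistency check that pairs each DMZ_SERVERn port-forward with a matching DMZ_OPEN_DEST entry, so a forward with no corresponding opening stands out. It assumes the field order `proto ext_ip ext_port dmz_ip dmz_port` for DMZ_SERVERn and `proto_network_port` for DMZ_OPEN_DEST, as the posted lines suggest; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: values copied from the post, with EXTERN_IP pinned to
# the posted eth0 address (on the router it is computed when the file is read).
EXTERN_IP=1.1.1.2
DMZ_NET=192.168.2.0/24
DMZ_OPEN_DEST="udp_${DMZ_NET}_domain tcp_${DMZ_NET}_domain
  tcp_${DMZ_NET}_www tcp_${DMZ_NET}_smtp"
DMZ_SERVER0="udp $EXTERN_IP domain 192.168.2.253 domain"
DMZ_SERVER1="tcp $EXTERN_IP domain 192.168.2.253 domain"
DMZ_SERVER2="tcp $EXTERN_IP www 192.168.2.253 www"
DMZ_SERVER3="tcp $EXTERN_IP smtp 192.168.2.253 smtp"

# Dotted quad -> integer, so addresses can be compared under a netmask.
ip2int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NET/LEN: true when IP falls inside the network.
in_net() {
  net=${2%/*}; len=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
}

# covered PROTO DMZ_IP DMZ_PORT OPEN_LIST: true when an OPEN_LIST entry has
# the same protocol and port and its network contains DMZ_IP.
covered() {
  for entry in $4; do
    oproto=${entry%%_*}; rest=${entry#*_}
    onet=${rest%%_*};    oport=${rest#*_}
    [ "$oproto" = "$1" ] && [ "$oport" = "$3" ] && in_net "$2" "$onet" && return 0
  done
  return 1
}

# Walk DMZ_SERVER0, DMZ_SERVER1, ... until the first unset entry.
# Prints one line per forward; exit status is the number left uncovered.
audit() {
  missing=0; i=0
  while eval "fwd=\${DMZ_SERVER$i:-}"; [ -n "$fwd" ]; do
    set -- $fwd
    if covered "$1" "$4" "$5" "$DMZ_OPEN_DEST"; then state=open
    else state=BLOCKED; missing=$((missing + 1)); fi
    echo "DMZ_SERVER$i $1 $2:$3 -> $4:$5 $state"
    i=$((i + 1))
  done
  return $missing
}

audit
```

With the posted values all four forwards, smtp included, are reported as open, the same as www.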


