> Thanks for responding, Ray.
> I have added the diagnostic info described at leaf support.

A couple of comments...I think your main problem is you're not allowing
the mail packets through the input firewall rules.  Since you're using a
PRIVATE DMZ, and port-forwarding your external firewall IP to the DMZ
system, you need to use EXTERN_TCP_PORTS (or the EXTERN_TCP_PORTx
indexed list) to open the desired services, i.e.:

EXTERN_TCP_PORTS="0/0_smtp"

> I'm running Dachstein linux 4.0.6 with private.network at 192.168.1 and
> dmz.network at 192.168.2.
> The web server on dmz.network can be reached from the net.
> Mail sent to the mail server on dmz.network returns an error message to the
> sender.
> I've tried varying the coding of the DMZ_OPEN_DEST and DMZ_SERVER parameters
> in network.conf without success.

These two settings do *NOT* affect PRIVATE DMZs...they are only for the
other DMZ flavors (DMZ = YES, PROXY, or NAT).

I doubt they're causing any harm (didn't look that way from the ipchains
dump), but I'd comment them out, along with the DMZ_SRC variable which is
also not used for PRIVATE DMZs.

<snip>

> /var/log/messages is 900 lines like this
>
> Oct  5 20:22:43 myrouter kernel: Packet log: input DENY eth0 PROTO=17
> 10.93.176.1:67 255.255.255.255:68 L=362 S=0x00 I=53087 F=0x0000 T=255 (#8)
>
> if you could tell me how to suppress these messages, I would appreciate that
> also

Use SILENT_DENY:
SILENT_DENY="17_10.93.176.1_68"

Make sure this isn't your ISP's DHCP server first, however!

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
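
Added example, not part of the original message or of LEAF/Dachstein: a small triage script that groups ipchains "Packet log" denials by protocol, source and destination port, so you can see what is filling /var/log/messages before silencing anything. The `proto_source_port` entry layout is an assumption inferred from the single SILENT_DENY value above, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# ipchains kernel log layout, as in the line quoted in the message above:
#   Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ...
LOG_RE = re.compile(
    r"Packet log: (\S+) (DENY|REJECT) (\S+) PROTO=(\d+) "
    r"([\d.]+):(\d+) ([\d.]+):(\d+)"
)

def parse(line):
    """Return a dict for a denied-packet line, or None for anything else."""
    m = LOG_RE.search(line)
    if not m:
        return None
    chain, verdict, iface, proto, src, sport, dst, dport = m.groups()
    return {"chain": chain, "verdict": verdict, "iface": iface,
            "proto": int(proto), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}

def triage(lines):
    """Group denials by (proto, source, dest port), busiest first."""
    counts, dhcp = Counter(), set()
    for line in lines:
        p = parse(line)
        if p is None:
            continue
        key = (p["proto"], p["src"], p["dport"])
        counts[key] += 1
        # UDP 67 -> 68 is a DHCP server answering clients: verify before silencing.
        if p["proto"] == 17 and p["sport"] == 67 and p["dport"] == 68:
            dhcp.add(key)
    # "entry" follows the layout of the SILENT_DENY value in the message (assumed).
    return [{"count": n, "entry": "%d_%s_%d" % key, "dhcp_server": key in dhcp}
            for key, n in counts.most_common()]

# Constructed sample: first line is the one quoted above, the rest are invented.
# The PROTO=6 line shows what a blocked inbound SMTP connection would look like.
SAMPLE = """\
Oct  5 20:22:43 myrouter kernel: Packet log: input DENY eth0 PROTO=17 10.93.176.1:67 255.255.255.255:68 L=362 S=0x00 I=53087 F=0x0000 T=255 (#8)
Oct  5 20:22:49 myrouter kernel: Packet log: input DENY eth0 PROTO=17 10.93.176.1:67 255.255.255.255:68 L=362 S=0x00 I=53090 F=0x0000 T=255 (#8)
Oct  5 20:23:01 myrouter kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.5:40112 198.51.100.7:25 L=60 S=0x00 I=1201 F=0x4000 T=52 SYN (#8)
Oct  5 20:23:05 myrouter kernel: unrelated line
"""

if __name__ == "__main__":
    for row in triage(SAMPLE.splitlines()):
        note = "  <- DHCP server, check whose it is" if row["dhcp_server"] else ""
        print("%4d  %s%s" % (row["count"], row["entry"], note))
```

Rows flagged as DHCP server traffic are the ones the caution above applies to; a denied TCP port 25 row points at the input rules rather than at something to silence.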



