Re: [leaf-user] DMZ: Mail Server (HELP)

Wed, 30 Oct 2002 02:45:02 -0800 

Alby,

On Tue, 29 Oct 2002 23:23:17 EST Alby wrote:

>       I'm trying to configure my local network using the 3-Interface
> DOCs on (www.shorewall.net) to setup a External, Internet, and DMZ network.

That's a great place to start...
 
> net - The Internet            (eth0)
> loc - Local Network           (eth1)
> dmz - Demilitarized Zone      (eth2)
> 
> 
>       Now all traffic between (net) and (loc) work just fine. I want to
> place an SMTP server on my (dmz) and have it pass all SMTP traffic back and
> forth like a normal mail server. As of right now, I can't seem to get it to
> work.
> 
> Network Diagram:
> ================
> net:          216.170.101.137 (Remote ISP Router)
>               216.170.101.138 (IP of Bering Firewall - External - eth0)
> 
> loc:          199.74.186.200  (IP of Bering Firewall - Internal - eth1)
>               199.74.186.0/24 (Addresses issued via DHCP)
> 
> dmz:          10.10.10.1      (IP of Bering Firewall - DMZ - eth2)
>               10.10.10.2      (IP of Mail Server)
> 
>       I'm assuming I need to modify the Shorewall (rules) file to
> pass (net) to (dmz) SMTP Traffic and also (loc) to (dmz) SMTP Traffic but
> I'm unsure on how to configure that.

That's correct.

> Could anybody give me a helping hand
> on how Shorewall Configs and/or anything else need to be configured?

You should be able to replace the "80" with "25" and "10.10.11.2"
with "10.10.10.2" in the "Web Server on DMZ 2" example at
http://shorewall.net/three-interface.htm and be in business after
a "shorewall restart".  That is, add:

DNAT      net    dmz:10.10.10.2  tcp    25
ACCEPT    loc    dmz:10.10.10.2  tcp    25

to /etc/shorewall/rules and run "shorewall restart".

If that doesn't work, look for clues by running

  tail -f /var/log/syslog

on Bering while trying to access the mail server.

--Brad



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to