If your overall LAN setup is simple enough, this will work. Since this approach "double NATs" all the traffic (first by the LEAF router; second by the ISP someplace), there is always some risk that something you implement will run into a rare problem. Worry most about things that you are port forwarding (not mail; that should work just fine) ... particularly the traditional "problem services" (ftp, irc, a few others) and the p2p services.
We're a simple operation and don't run irc or most other internet applications besides email and web browsing. Our webmaster does ftp files to our webhosting company, but that seems to already work from behind the firewall without having to set any port forwarding rules for it.

Before I actually move our email server behind the firewall, let me just make sure I have the right process.

ip_masq_portfw is already uncommented in etc/modules, so I think I do this by adding the following line after #TCP services open to outside world:

EXTERNAL_TCP_PORTS=0/0_25

and the following line after #Uncomment the following for port-forwarded internal services.

INTERNAL_SERVERS="tcp$192.168.1.2_25_10.10.10.200_25"
(Where 192.168.1.2 will be eth0 on the firewall, 25 is the port to forward from, 10.10.10.200 will be the mailserver's IP, and 25 is the port to forward to.)

Please correct me where I've strayed, thanks.



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

