Re: ipchains - getting certain services past the firewall

Thu, 23 May 2002 01:14:41 -0700 

hi,

I guess the line mentioned below  needs to be added on your firewall

/sbin/ipchains -A forward -s 10.0.0.10 -d 0/0 -j MASQ


----- Original Message -----
From: "Stuart Otway" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 22, 2002 8:43 PM
Subject: ipchains - getting certain services past the firewall


> hi there,
>
> if you have any advice i would be very greatful, thanks.
>
> I have got one server which is a firewall, one is the mailserver and one
is
> the webserver.
>                                   _____
>                                  |     |
>                                  | NET |
>                                  |_____|
>                                     |
>                             /-----------------\
>                             |    Firewall     |
>                             |    10.0.0.5     |
>                             \_________________/
>                               /             \
>                              /               \
>                             /                 \
>             /-----------------\             /-------------------\
>             |   Mailserver    |             |    Webserver      |
>             |   10.0.0.10     |             |                   |
>             \_________________/             \___________________/
>
> I want the mailserver to be able to check for email and send and recieve
it.
> It has been configured and before i put the firewall in place it did
collect
> and send mail. What command would i use on the firewall to let the
> mailserver get out to the net to send & recieve. I have been told that for
> the firewall to let the mailserver through and any other addresses in that
> ipaddress range (10.0.0.x) i just need to do the following:
>
> ipchains -A forward -s 10.0.0.0/24 -d 10.0.0.10 -j ACCEPT
> ipchains -A forward -s 10.0.0.0/24 -d \! 10.0.0.10 -j MASQ
>
> The mailserver still does not recieve mail.  I had a read and i think i
have
> found what i need to use, ipmasqadm.
>
> Am I correct or am i going off on a wild tangent here!?
> If I am correct, does anyone have any experiece with this sort of
situation?
>
> many thanks.
> Stuart.
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release Date: 5/7/02



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to