RE: [courier-users] Courier behind a Firewall

Thu, 03 Oct 2002 09:06:57 -0700 

Using the excellent iptables modules to do this for any mail server is easy
using the port forwarding capabilties.  Here is some script to help you get
started for a 2.4.2-2 kernel:-

# Ensure ipchains isn't running and run iptables instead
rmmod ipchains
insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_tables.o
insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_nat_ftp.o
insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
insmod /lib/modules/2.4.2-2/kernel/net/ipv4/netfilter/ipt_MASQUERADE.o

# Turn on anti-spoofing for all interfaces
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $f; done

# Set IP forwarding on
echo 1 > /proc/sys/net/ipv4/ip_forward

# Add new redirection rules
iptables -A PREROUTING -t nat -p tcp --dport 25:25  -j DNAT --to 10.0.0.2
iptables -A PREROUTING -t nat -p udp --dport 25:25  -j DNAT --to 10.0.0.2
iptables -A PREROUTING -t nat -p tcp --dport 110:110 -j DNAT --to 10.0.0.2
iptables -A PREROUTING -t nat -p udp --dport 110:110 -j DNAT --to 10.0.0.2
iptables -A PREROUTING -t nat -p tcp --dport 143:143 -j DNAT --to 10.0.0.2
iptables -A PREROUTING -t nat -p udp --dport 143:143 -j DNAT --to 10.0.0.2

Regards,
        Mark.

-----Original Message-----
From: Bowie Bailey [mailto:[EMAIL PROTECTED]]
Sent: 03 October 2002 16:40
To: Dan Johansson; [EMAIL PROTECTED]
Subject: RE: [courier-users] Courier behind a Firewall



> -----Original Message-----
> From: Dan Johansson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 03, 2002 11:12 AM
> To: [EMAIL PROTECTED]
> Subject: [courier-users] Courier behind a Firewall
> 
> 
> Hi,
> 
> I�m new to Courier and this list so please be kind to me.
> 
> I�ve set up Courier succefull (I think) on a host in my network.
> This Network is behind a Firewall (consisting of a Router (doing NAT)
> and a hardened Linux box). Courier works fine for "internal" mail, and
> now I would like it to recieve mail from te rest of the world.
> So my qustion is what to do on the FW. Schould I only put 
> some general-
> gateway on my FW that only passes TCP-connections on port 25 from
> the WAN sid to the Courier Mail-Server on the LAN side. 

The Courier box will need to have a static IP to the outside (probably via a
static NAT on your router).  Then just tell the firewall to allow
connections to port 25 on your Courier box.  I could give you instructions
for a Cisco firewall, but I'm not familiar enough with iptables (or
ipchains).

> Or do you have
> any othe suggestion (No I don�t want to run my mailserver on the FW).

Running extra software on your firewall is generally not a good idea if you
can avoid it.  If you do, then a vulnerability in your other applications
could give a hacker direct access to your firewall box.

> 
> Regards,
> --Dan

Bowie 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

***********************************************************************
This e-mail and its attachments are intended for the above named 
recipient(s) only and are confidential and may be privileged.
If they have come to you in error you must take no action based 
on them, nor must you copy or disclose them or any part of 
their contents to any person or organisation; please notify the 
sender immediately and delete this e-mail and its attachments from 
your computer system.

Please note that Internet communications are not necessarily secure 
and may be changed, intercepted or corrupted. We advise that 
you understand and observe this lack of security when e-mailing us 
and we will not accept any liability for any such changes, 
interceptions or corruptions. 

Although we have taken steps to ensure that this e-mail and its 
attachments are free from any virus, we advise that in keeping 
with good computing practice the recipient should ensure they 
are actually virus free.

Copyright in this e-mail and attachments created by us belongs 
to Littlewoods. 

Littlewoods takes steps to prohibit the transmission of offensive, 
obscene or discriminatory material.  If this message contains 
inappropriate material please forward the e-mail intact to 
[EMAIL PROTECTED] and it will be investigated. 
Statements and opinions contained in this e-mail may not 
necessarily represent those of Littlewoods.

Please note that e-mail communication may be monitored.

Registered office: 
Littlewoods Retail Limited, 
Sir John Moores Building, 
100 Old Hall Street, 
Liverpool,
L70 1AB 
Registered no: 421258 

http://www.littlewoods.com 
***********************************************************************


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to