Re: [courier-users] Courier behind a Firewall

Thu, 03 Oct 2002 09:13:05 -0700 


Dan Johansson wrote:
> 

> now I would like it to recieve mail from te rest of the world.
> So my qustion is what to do on the FW. 

A bit off-topic, but it's easier to give an answer than to argue
the topic. Besides, you said we should be kind ;)

#!/bin/bash

# Set network and interfaces:
EXTIF="eth0"
INTIF="eth1"
INTNET="192.168.0.0/16"
COURIER="192.168.0.8"

# Load iptables modules
cd /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/
if [ -e ipchains.o ]
    then
    rm -f ipchains.o
fi
if [ -e ipfwadm.o ]
    then
    rm -f ipfwadm.o
fi
for i in *.o
   do
   j=${i%.o}
   /sbin/modprobe $j
done

# Enable forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Enable masquerading
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s $INTNET -d \! $INTNET -j MASQUERADE

# Decide what to let in from the outside and what not
/sbin/iptables -A INPUT -i $EXTIF -p tcp -m state --state NEW --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTIF -p tcp -m state --state NEW --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTIF -p tcp -m state --state NEW --dport 143 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTIF -p tcp -m state --state NEW --dport 995 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTIF -p tcp -m state --state NEW --dport 993 -j ACCEPT
/sbin/iptables -A INPUT -i $EXTIF -p tcp -m state --state NEW,INVALID -j DROP

# Forward services
/sbin/iptables -A PREROUTING -t nat -p tcp --dport 25 -j DNAT -s $INTNET --to 
$COURIER:25
/sbin/iptables -A PREROUTING -t nat -p tcp --dport 25 -j DNAT -s $INTNET --to 
$COURIER:110
/sbin/iptables -A PREROUTING -t nat -p tcp --dport 25 -j DNAT -s $INTNET --to 
$COURIER:143
/sbin/iptables -A PREROUTING -t nat -p tcp --dport 25 -j DNAT -s $INTNET --to 
$COURIER:995
/sbin/iptables -A PREROUTING -t nat -p tcp --dport 25 -j DNAT -s $INTNET --to 
$COURIER:993




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users























					Reply via email to