On Thu, Oct 03, 2002 at 05:11:55PM +0200, Dan Johansson wrote:
> now I would like it to receive mail from the rest of the world.
> So my question is what to do on the FW. Should I only put some
> general-gateway on my FW that only passes TCP-connections on port 25 from
> the WAN side to the Courier Mail-Server on the LAN side. Or do you have
> any other suggestion (No I don't want to run my mailserver on the FW).

Yes, you have to NAT your firewall on port 25. Something like the following:

  # Receiving email: packets from the Internet arrive addressed to the
  # public address, so match on it and rewrite to the LAN address
  iptables -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $MAILSRVR_INET_ADDR \
      --dport 25 -j DNAT --to-destination $MAILSRVR_RFC1918
  # Let it send email: outbound SMTP leaves with the public source address
  iptables -t nat -A POSTROUTING -o $INET_IFACE -p tcp -s $MAILSRVR_RFC1918 \
      --dport 25 -j SNAT --to-source $MAILSRVR_INET_ADDR

You also have to set rules to allow input, output, and forwarding on port 25
for connections to and from $MAILSRVR_INET_ADDR and the $MAILSRVR_RFC1918
addr. You should also set a rule to send a TCP RST when ident requests go
either way.

-Peter

--
The 5 year plan:
In five years we'll make up another plan.
Or just re-use this one.
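
Added example, not part of the original message: the reply names the forwarding and ident rules only in prose, so this sketch goes a step further and generates them alongside the two NAT rules for review before anything is applied. The function names (is_ipv4, valid_iface, mail_fw_rules), the conntrack match, ident on TCP port 113, and the sample interface and addresses are assumptions made here.

```shell
#!/bin/sh
# Added example: prints, but does not run, the rule set for one SMTP host
# behind NAT. Interface name and addresses used below are constructed samples.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_iface NAME: reject empty names and shell metacharacters, because the
# generated text is meant to be fed to a shell.
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# mail_fw_rules INET_IFACE MAILSRVR_INET_ADDR MAILSRVR_RFC1918
mail_fw_rules() {
    ifc=$1 pub=$2 priv=$3
    valid_iface "$ifc" && is_ipv4 "$pub" && is_ipv4 "$priv" || {
        echo "usage: mail_fw_rules IFACE PUBLIC_IP PRIVATE_IP" >&2
        return 2
    }
    cat <<EOF
# NAT: inbound SMTP to the LAN host, outbound SMTP leaves as the public address
iptables -t nat -A PREROUTING -i $ifc -p tcp -d $pub --dport 25 -j DNAT --to-destination $priv
iptables -t nat -A POSTROUTING -o $ifc -p tcp -s $priv --dport 25 -j SNAT --to-source $pub
# FORWARD sees the address after DNAT, so these rules match the LAN address
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ifc -p tcp -d $priv --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -o $ifc -p tcp -s $priv --dport 25 -m conntrack --ctstate NEW -j ACCEPT
# ident: answer with a TCP RST in both directions instead of dropping silently
iptables -A INPUT -i $ifc -p tcp -d $pub --dport 113 -j REJECT --reject-with tcp-reset
iptables -A FORWARD -p tcp -s $priv --dport 113 -j REJECT --reject-with tcp-reset
EOF
}

mail_fw_rules eth0 203.0.113.25 192.168.1.25
```

Review the printed rules, then pipe them to sh as root to apply them.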
