Kwon wrote:
> Hi, I have an [EMAIL PROTECTED] PBX box and a Gentoo box running LAMP and
> Postfix located in the same DMZ=192.168.73.0/24. The PBX box is trying to
> relay mail to the Gentoo box but the firewall (Bering uClibc 3.0.1) is
> blocking access with the following message:
>
> Apr 15 05:33:26 ns1 Shorewall:all2all:REJECT: IN=eth2 OUT=
> MAC=00:50:ba:5b:dc:86:00:0e:a6:8e:0a:39:08:00 SRC=192.168.73.78
> DST=my.public.static.IP LEN=60 TOS=10 PREC=0x00 TTL=64 ID=23830 DF PROTO=TCP
> SPT=34454 DPT=25 SEQ=3670945291 ACK=0 WINDOW=5840 SYN URGP=0
>
> Can someone please have a look at the above and suggest a rule in the
> /etc/shorewall/rules file?

It's kind of hard to say exactly what rule you need without more info, but it looks like you're trying to talk to the mail server using the public IP of your firewall. If you want this to work, you'll have to craft a Shorewall rule that allows DMZ -> firewall traffic on port 25, and you may have to craft some custom tweaks as well (looping through the firewall and back to the same network is not usually done, and since I haven't personally done this, I can't tell you exactly what rule(s) you might need).

I'd personally recommend you configure your Asterisk box to talk to the private IP of the Gentoo mail server directly, rather than try to relay traffic through the firewall, which is inefficient and may require custom tweaks.

You can route mail through the Gentoo box directly by using its IP address instead of a hostname for the mail server, or by setting up split zones in DNS so your DMZ systems get the direct (private IP) address of your mail server while everyone else (i.e., the internet at large) gets the public IP of your firewall (presumably port-forwarded to the DMZ system).

-- 
Charles Steinkuehler
[EMAIL PROTECTED]

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
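
Added example, not part of the original thread and not Shorewall code: a small Python parser for the quoted log line that surfaces the facts the reply relies on (DMZ source, firewall public IP as destination, new SMTP connection, catch-all policy). The function names are hypothetical, and `203.0.113.10` is a constructed documentation address standing in for the poster's `my.public.static.IP` placeholder.

```python
import ipaddress
import re

# Log line from the thread, joined onto one line. DST is a constructed
# documentation address replacing the poster's own placeholder.
SAMPLE = ("Apr 15 05:33:26 ns1 Shorewall:all2all:REJECT: IN=eth2 OUT= "
          "MAC=00:50:ba:5b:dc:86:00:0e:a6:8e:0a:39:08:00 SRC=192.168.73.78 "
          "DST=203.0.113.10 LEN=60 TOS=10 PREC=0x00 TTL=64 ID=23830 DF PROTO=TCP "
          "SPT=34454 DPT=25 SEQ=3670945291 ACK=0 WINDOW=5840 SYN URGP=0")

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):\s*(?P<rest>.*)")

def parse(line):
    """Split a Shorewall log line into chain, action, KEY=value fields and flags."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a Shorewall log line")
    fields, flags = {}, set()
    for tok in m.group("rest").split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            fields[key] = val          # "OUT=" yields an empty string
        else:
            flags.add(tok)             # bare tokens such as DF and SYN
    return {"chain": m.group("chain"), "action": m.group("action"),
            "fields": fields, "flags": flags}

def diagnose(line, dmz_net, fw_public_ip):
    """Return (action, findings) explaining what kind of packet was logged."""
    rec = parse(line)
    f = rec["fields"]
    findings = []
    if f.get("OUT", "") == "":
        findings.append("no outbound interface: handled as traffic to the firewall itself")
    if ipaddress.ip_address(f["SRC"]) in ipaddress.ip_network(dmz_net):
        findings.append("source is inside the DMZ")
    if f["DST"] == fw_public_ip:
        findings.append("destination is the firewall's public IP, not a private DMZ address")
    if f.get("PROTO") == "TCP" and f.get("DPT") == "25" and "SYN" in rec["flags"]:
        findings.append("new SMTP connection attempt")
    if rec["chain"] == "all2all":
        findings.append("no specific rule matched: catch-all all2all policy applied")
    return rec["action"], findings

if __name__ == "__main__":
    action, findings = diagnose(SAMPLE, "192.168.73.0/24", "203.0.113.10")
    print(action, *findings, sep="\n - ")
```
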