Hi,

Parse the firewall script and look for a line that has something like

    /sbin/iptables -P OUTPUT ACCEPT

Place this rule on the very next line

    /sbin/iptables -A FORWARD -p TCP ! -s 192.168.1.5 --dport 25 -j DROP

This will only allow SMTP traffic from host 192.168.1.5 - replace this IP with that of your mail server.

If you're fed up with SuSEFirewall, you could try shorewall - offers fine-grain control.

Bernard

> On Wednesday 02 June 2004 13:30, Kiggundu Mukasa wrote:
>> Assuming you are using the best Linux out there (SuSE) and any of the
>> newer versions (I think 8.2 and above, which have postfix as the
>> default mailer)
>> then;
>>
>> edit /etc/postfix/main.cf
>>
>> look for mynetworks
>> add the values of the computers you want the server to relay for
>
> But that only prevents users from using the local MTA as an SMTP relay.
> It still doesn't stop the fact that they can originate SMTP traffic to
> the Internet.
>
> I think what he needs to do is, basically, look at the FW_RULES of the
> firewall, and explicitly include what destination ports are to be denied
> forwarding/masquerading/NAT'ing. Anything else can be permitted.
>
> Mark.
>
>>
>> Kiggs
>>
>> On Jun 2, 2004, at 2:18 PM, Lunghabo James wrote:
>> > Does susefirewall have a file with the rules? If so, please post
>> > them.
>> >
>> > Wire
>> >
>> >> Hello guys,
>> >> There are a number of machines sitting behind a proxy. I am
>> >> currently in the process of setting up one as a mailserver. Proxy
>> >> is running susefirewall (yes susefirewall, not susefirewall2) and
>> >> I want this firewall to refuse SMTP traffic from all these
>> >> machines apart from the one configured as the mail server, i.e. I
>> >> don't want any SMTP connection to the outside world apart from
>> >> that from the mailserver. Can someone point me in the right
>> >> direction. Hope you don't send me back to the instructions within
>> >> the firewall script. I have read them a zillion times but still
>> >> cannot effect what I want.
>> >> Thanks in advance
>> >>
>> >> P.S:
>> >> Guess it's time to remove the newbie word in front of my name :-)!!
>> >>
>> >> Linux, the only OS that requires one to use his head.
>> >
>> > ---------------------------------------------
>> > This service is hosted on the Infocom network
>> > http://www.infocom.co.ug
>>
>> *****************************************************************
>> Kiggundu Mukasa     # Computer Network Consultancy
>> KYM-NET LTD.        # Intranets & Internet Solutions
>> Plot 80 Kanjokya Street
>> P.O. Box 24284 Kampala, Uganda
>> Tel: +256 77 972255
>>      +256 71 221141
>> Fax: +256 31 262122
>> *****************************************************************
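
The restriction from Bernard's reply, as an added example that is not part of the original thread: the same "only the mail server may forward to port 25" policy, built in a dedicated chain so that denied attempts are logged before they are dropped. The chain name SMTP_EGRESS, the log prefix and the function names are assumptions chosen for illustration; the script only prints the commands, it does not run iptables.

```shell
#!/bin/sh
# Added example (not from the thread): print FORWARD rules that limit
# forwarded SMTP to one mail server and log every other attempt.

# valid_ipv4 ADDR -> 0 if ADDR is a dotted-quad IPv4 address, else 1.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# smtp_egress_rules MAILSERVER [IPTABLES_PATH]
# Prints the commands for review; paste them where the reply says to put the
# rule, ahead of any FORWARD rule that accepts traffic from the LAN.
smtp_egress_rules() {
    mailserver=$1
    ipt=${2:-/sbin/iptables}
    if ! valid_ipv4 "$mailserver"; then
        echo "invalid mail server address: $mailserver" >&2
        return 1
    fi
    # SMTP_EGRESS is a hypothetical chain name used only in this example.
    echo "$ipt -N SMTP_EGRESS"
    # RETURN hands the mail server's packets back to FORWARD unchanged,
    # which matches the behaviour of the single negated DROP rule.
    echo "$ipt -A SMTP_EGRESS -s $mailserver -j RETURN"
    # Anything else reaching port 25 is logged, then dropped. The log line
    # names the internal host that tried to send mail directly.
    echo "$ipt -A SMTP_EGRESS -j LOG --log-prefix 'SMTP-egress-denied: '"
    echo "$ipt -A SMTP_EGRESS -j DROP"
    echo "$ipt -A FORWARD -p tcp --dport 25 -j SMTP_EGRESS"
}

# Stand-alone use: sh smtp_egress.sh [MAILSERVER]; 192.168.1.5 is the
# address used in the reply above.
smtp_egress_rules "${1:-192.168.1.5}"
```

Hosts that show up under the log prefix in the kernel log are the ones still attempting direct SMTP, which is worth following up on a network where only the mail server should send mail.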
