Re: [Masq] POP mail

Paul Bristow Fri, 23 Jun 2000 10:30:30 -0700
/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Suggestions below.

Kelly Martin wrote:
> How can I access my external POP mail using IP Masq?

You have two options: either

1) Enable traffic on the POP3 port (Protocol TCP Port 110) 

   Change the following two lines in your rc.firewall script:

     #/sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -s $SECUREHOST
-d $EXTIP pop-3

     #/sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP
pop-3 -d $SECUREHOST $UNPRIVPORTS

   so it looks like 

     /sbin/ipchains -A input -j ACCEPT -i $EXTIF -p tcp -y -s $POPHOST
pop-3 -d $EXTIP $UNPRIVPORTS
     /sbin/ipchains -A output -j ACCEPT -i $EXTIF -p tcp -s $EXTIP
$UNPRIVPORTS -d $POPHOST pop-3

   The -y in there prevents outside people connecting to your firewall
machine to log in to your local    POP3 server (should be impossible if
you did all of TrinityOS but better safe than sorry).

   somewhere at the start of your rc.firewall script add

     POPHOST="xxx.xxx.xxx.xxx"     

   where xxx.xxx.xxx.xxx is the IP address (not the name like
pop3.isp.com)

OR

2) Use fetchmail to collect mail to your local accounts on the Linux
side and sendmail to forward it out.

The advantage of option 2 is that local mail doesn;t go out to the ISP
to be delivered.  However, unless you have a large LAN or send really
huge files between machines behind the firewall you probably want option
1.
 
> There does not appear to exist something like: /sbin/modprobe
> ip_masq_pop or similar, which I suspect would work. Can someone
> advise?

This is unnecessary as POP traffic stays on the same port.  ip_masq_xxx
modules are only required for strange protocols like ICQ or Netmeeting
which send out on one port and reply on another.
 
> --
> kelly martin  http://www.redbeet.com
> A boy, not a girl, in Calgary Canada.

Cheers,

-- 

Paul

Web:   http://paulbristow.net
Email: [EMAIL PROTECTED]
ICQ:   #11965223

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
Re: [Masq] POP mail

Reply via email to
