/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Hi.
I have my mail server working inside my firewall using only the 'ipmasqadm
portfw -a -P tcp -L $extip 25 -R $intip 25' command.  I have no problems
whatsoever.

We use two different authoritative DNSs, one for external queries, and one for
internal ones.  In my setup, the internal network does not have valid IPs and
the mx entries in our external DNS point to our external IP on the firewall.
For the internal clients to be able to access the mail server, they query the
internal DNS.  This is doable with Bind, but much easier with djbdns.

Any questions, feel free to get in touch.
Joao

[EMAIL PROTECTED] wrote:

> Hi my name is Claudius Li, I'm a sysadmin for the Johns Hopkins
> University.
>
> I have a masquerading firewall and it seems to be mostly working. My one
> problem is that I have a mail server which I want to keep behind the
> firewall but I still want people to be able to send us mail.
> So I set up an alias on the outside interface of the firewall with the old
> ip address of the mail server (mailhost.domain.edu), and I'm using
> ipmasqadm portfw to forward the connections to the internal mailserver.
> I can't ping mailhost from outside the firewall, nmap shows no ports open,
> and I can't telnet mailhost.domain.edu 25 either (connection refused)
>
> But when I set up the firewall in a test configuration it almost works. I
> can ping it, smtp shows up under nmap, and I can do telnet
> mailhost.domain.edu 25.
>
> As far as I can tell, the only differences between the test
> configuration and the real configuration are that the real configuration
> uses the AUI port instead of the 10base2 port (I've added xcver=1 to the
> /etc/modutils/options), and the ip addresses are different (to avoid ip
> conflicts while I was testing)
>
> Both the firewall and mailhost are running Debian Linux, the machine for
> the test setup is an NT box with the Merak Mail server on it.
>
> Can anyone help me with this or point me to somewhere where I can get
> help? I've read the ipchains, and ipmasqadm man pages, I've read the
> firewall, and the ipmasquerade how-to's, and I read all the FAQ and
> user-kernel on Juan Jose Ciarlante's web site. Gargoyls mini-howto seems
> to be a broken link though.
>
> Thank you in advance,
>
>         Claudius Li
>
> _______________________________________________
> Masq maillist  -  [EMAIL PROTECTED]
> Admin requests can be handled at http://www.indyramp.com/masq-list/ --
> THIS INCLUDES UNSUBSCRIBING!
> or email to [EMAIL PROTECTED]
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.

--
-----------------------------------------------------------------
Fabrica de Ideias
sbs - ed. empire center - sala 109 - cep 70070-904 - brasilia-df
tel: (61) 321 1357
fax: (61) 321 6096
[EMAIL PROTECTED]
-----------------------------------------------------------------
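
The split-DNS arrangement described in the reply above can be sanity-checked offline. The following is an added example, not code from either poster: it audits two views of one zone so that the external view's MX target resolves to the port-forwarded outside address and exposes no RFC 1918 address, while the internal view resolves to the inside address. The zone name, both addresses and the `parse`/`audit_view` helpers are assumptions made up for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXT_IP = "192.0.2.10"  # placeholder for $extip (firewall's outside address)
INT_IP = "10.0.0.25"   # placeholder for $intip (mail server behind the firewall)

# Constructed sample data: one zone as answered to outside and to inside clients.
EXTERNAL_VIEW = """\
example.edu.          IN MX 10 mailhost.example.edu.
mailhost.example.edu. IN A  192.0.2.10
"""
INTERNAL_VIEW = """\
example.edu.          IN MX 10 mailhost.example.edu.
mailhost.example.edu. IN A  10.0.0.25
"""

def parse(zone_text):
    """Return ({name: [addr, ...]}, [mx_target, ...]) from 'name IN TYPE rdata' lines."""
    a_records, mx_targets = {}, []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop trailing comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        name, rtype, rdata = fields[0].lower(), fields[2].upper(), fields[3:]
        if rtype == "A":
            a_records.setdefault(name, []).append(rdata[0])
        elif rtype == "MX" and len(rdata) == 2:
            mx_targets.append(rdata[1].lower())
    return a_records, mx_targets

def audit_view(zone_text, expected_ip, allow_private):
    """List problems: missing MX, dangling MX target, wrong address, leaked private IP."""
    a_records, mx_targets = parse(zone_text)
    problems = [] if mx_targets else ["no MX record"]
    for target in mx_targets:
        addrs = a_records.get(target, [])
        if not addrs:
            problems.append(f"{target}: MX target has no A record in this view")
        for addr in addrs:
            if addr != expected_ip:
                problems.append(f"{target}: {addr} != expected {expected_ip}")
    for name, addrs in a_records.items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if not allow_private and any(ip in net for net in RFC1918):
                problems.append(f"{name}: private address {addr} visible externally")
    return problems
```

An empty list from `audit_view(EXTERNAL_VIEW, EXT_IP, allow_private=False)` and from `audit_view(INTERNAL_VIEW, INT_IP, allow_private=True)` means the two views agree with the forwarding rule.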
