You will need to do some DNAT and FORWARD to get the mail in:

iptables -t nat -A PREROUTING -i ppp0 -p tcp -d $EX_IP --dport 25 -j DNAT --to-destination 192.168.0.1
iptables -A FORWARD -i ppp0 -o eth0 -p tcp -d 192.168.0.1 -j ACCEPT

Don't forget your DNS has to be visible in the public domain to get mail to come inside.

Hope this helps.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, April 02, 2002 7:45 PM
> To: [EMAIL PROTECTED]
> Subject: mail server problem
>
> Hello,
>
> I have a little problem with iptables rules.
>
> I have set up a netfilter firewall to protect my mail server.
>
> I have 2 interfaces: eth0 (LAN card) and ppp0 (provider interface).
>
> I have set up:
>
> iptables -A INPUT DROP
> iptables -A OUTPUT ACCEPT
> iptables -A FORWARD DROP
>
> iptables -A INPUT -j ACCEPT -i ppp0 -s 193.252.19.3 (dns server) -d 0/0 --dport 53
> iptables -A INPUT -j ACCEPT -i ppp0 -s 193.252.19.4 (dns server) -d 0/0 --dport 53
> iptables -A INPUT -j ACCEPT -i ppp0 -s 0/0 -d 192.168.0.1/255.255.255.0 --dport 25
>
> When I try it, the server can't deliver the mail because it can't
> resolve the DNS name (e.g. pop.netcourrier.com).
>
> I can surf because I'm using IP masquerading rules.
>
> Does anyone have ideas?
>
> Thanks
>
> fred
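The DNAT and FORWARD steps from the reply, written out as an added example (not part of either message): a shell function that validates the two addresses and prints the rules for review instead of applying them. It assumes ppp0 and eth0 as in the thread, uses the documentation address 203.0.113.10 as a placeholder for $EX_IP, narrows the FORWARD rule to port 25, and adds a connection-tracking rule for the return traffic, which the thread does not show.

```shell
#!/bin/sh
# Added example: print (do not apply) rules that publish an internal SMTP server.
# Assumptions: ppp0 = provider side, eth0 = LAN side, as in the thread.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            exit 0
        }
        { exit 1 }'
}

# smtp_publish_rules EXT_IP MAIL_IP [WAN_IF] [LAN_IF]
# Prints three rules:
#   1. DNAT inbound TCP/25 on the external address to the mail server
#   2. forward new and established SMTP connections to the mail server
#   3. forward only reply packets of those connections back out
smtp_publish_rules() {
    ext_ip=$1
    mail_ip=$2
    wan=${3:-ppp0}
    lan=${4:-eth0}

    is_ipv4 "$ext_ip" && is_ipv4 "$mail_ip" || {
        echo "smtp_publish_rules: invalid IPv4 address" >&2
        return 1
    }

    cat <<EOF
iptables -t nat -A PREROUTING -i $wan -p tcp -d $ext_ip --dport 25 -j DNAT --to-destination $mail_ip:25
iptables -A FORWARD -i $wan -o $lan -p tcp -d $mail_ip --dport 25 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -p tcp -s $mail_ip --sport 25 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample call: placeholder external address, mail server from the thread.
smtp_publish_rules 203.0.113.10 192.168.0.1
```

Review the printed rules before piping them to a root shell; with a DROP policy on FORWARD, the third rule is what lets the server's replies leave again.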
