On Mon, 2003-02-24 at 13:25, Noel Sant wrote:
> I have a small home network which has a couple of Windows workstations 
> and a Linux server for the internet which I am just setting up. I have 
> installed Red Hat Linux 8.0 and have managed to connect to the internet, 
> and, using Squid as a proxy, can connect to the web from the Windows 
> PCs. But emails and an application that checks a time server don't get 
> through.

You have one of the following problems (or both):

        1. Your firewall is not letting the traffic through.

        2. Your Red Hat server is not set up to act as a gateway, so
           it is not routing packets through at all. If this is true,
           then Squid works because your computers go _to_ the RH
           server for information... requests do not pass _through_
           the server on their way to the outside.

> I can get and send emails from the Linux box (using Mozilla) but not 
> connect to a time server.

So your Linux box, as proven by the Squid success and the mail success
(from the box), is clearly successfully connected to the Internet.

> I assume that the lack of access to the time 
> server is due to the firewall (I used lokkit to set up a medium 
> firewall) and I have a look at letting ntp through that.

Maybe; see above.

> Though any quick fixes, or ideas for a better configurator
> than lokkit would be gratefully received.

Shorewall will let you do tons of things and make them easy to
accomplish; highly recommended. Shorewall (or another good package, it's
not the only one out there) will help you fix which services are
accessible and make sure that all your boxes can access the Internet
without a problem.  http://www.shorewall.net

> But what can I do about mail? The Squid web site warns you not to open 
> up the smtp and pop ports because of the danger of being used as a spam 
> relay. There were dark mutterings about being sent to a black hole! I 
> did try it, of course, but it didn't work anyway.

Note: No one should be able to access your mail server from the OUTSIDE;
your firewall should prevent that, and keeping it locked up is good
advice. However, there is no problem in your INTERNAL network accessing
your mail server.

Simply modify the sendmail.mc file to allow connections from localhost
and the INTERNAL network, making damn sure not to allow anything from
outside. Then, regenerate the sendmail.cf file which Sendmail actually
uses, restart Sendmail, and you're done.

Sorry not to provide detailed instructions, but I don't have the time
right now. Some other recommendations:

        o Set up SMTP AUTH while you're at it, so Sendmail requires
          users to provide a username/password to send mail. This
          is always a good idea, and can be done in less than ten
          seconds while modifying your sendmail.mc file.

        o Set up masquerading in Shorewall, which will allow ALL your
          internal computers to connect to the outside, but WILL NOT
          allow anything from the outside to come in.

> So do I need a separate mail proxy program?

You do not. Sendmail, along with a properly configured firewall and with
your server routing packets, will do everything you want.

> P.S. And does anyone know how I can get two dots over my "e", using 
> Mozilla? It's easy with Microsoft.

Some things will be easier in Linux, some harder. I changed my keyboard
layout to "us-acentos" which allows me to type all the Spanish accents
(and then some) on a physically-English-standard keyboard. Your mileage
may vary.

-- 
Rodolfo J. Paiz
[EMAIL PROTECTED]




-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
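
Added example, not part of the original message and not code from Red Hat or Shorewall: a small shell function that tells the two causes named in the reply apart (firewall blocking forwarded traffic versus the server not routing or masquerading at all). It assumes the firewall is iptables and reads `iptables-save` output; the function name, finding labels, interface names and sample rulesets are constructed for illustration.

```shell
# Classify why LAN clients cannot get *through* a Linux gateway.
#   $1 = contents of /proc/sys/net/ipv4/ip_forward
#   $2 = output of `iptables-save` (assumed to be the firewall in use)
# Prints space-separated findings, or OK.
diagnose_gateway() {
    ip_forward=$1
    rules=$2
    findings=""

    # Problem 2 in the message: the kernel is not routing packets at all.
    if [ "$ip_forward" != "1" ]; then
        findings="$findings NO_FORWARDING"
    fi

    # Private LAN addresses need source NAT (masquerading) on the way out.
    if ! printf '%s\n' "$rules" | grep -Eq -- '^-A POSTROUTING .*-j (MASQUERADE|SNAT)'; then
        findings="$findings NO_MASQUERADE"
    fi

    # Problem 1: FORWARD policy is DROP and no rule accepts forwarded traffic.
    if printf '%s\n' "$rules" | grep -Eq -- '^:FORWARD DROP' &&
       ! printf '%s\n' "$rules" | grep -Eq -- '^-A FORWARD .*-j ACCEPT'; then
        findings="$findings FIREWALL_BLOCKS_FORWARD"
    fi

    [ -n "$findings" ] || findings=" OK"
    printf '%s\n' "${findings# }"
}

# Constructed sample: default-style ruleset, no NAT, nothing forwarded.
SAMPLE_BROKEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: eth0 = Internet, eth1 = LAN (interface names assumed).
SAMPLE_GATEWAY='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

diagnose_gateway 0 "$SAMPLE_BROKEN"
diagnose_gateway 1 "$SAMPLE_GATEWAY"
```

On a live server, run it as root with `diagnose_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)"`. An OK result only covers forwarding and NAT; it says nothing about which inbound ports the INPUT chain exposes to the outside.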
