On Fri, 1 Aug 2008 18:20:29 +0800, "John Morris" wrote:
> Block:
>
> REJECT    loc    net    tcp    25

REJECT:info is even better to track down these users and contact them to teach them how to proceed.

> Redirecting isn't a good idea for various reasons. You should tell
> your users the policy (don't connect to external SMTP servers, only
> connect to the internal SMTP server) and tell them how to configure
> that. If you insist, put the 'routeback' option on your internal
> network interface in /etc/shorewall/interfaces:
>
> loc    eth1    detect    routeback
>
> and do a DNAT in /etc/shorewall/rules:
>
> DNAT    loc    loc:192.168.1.3    tcp    25    -    !192.168.1.0/24

I'd write:

DNAT    loc    fw    tcp    smtp,submission,ssmtp

fw will identify the firewall (and then the router), and loc will include all the LAN. This rule will process mails coming from the LAN trying to go through, if I'm not mistaken.

John: Always reply AFTER the previous message.

HTH.
Jerome Blion.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
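
The reply above suggests REJECT:info so that hosts still trying external SMTP servers can be tracked down. The following is an added example, not part of the original thread, that summarises those hosts from the firewall log. The log lines are constructed, and the default Shorewall LOGFORMAT ("Shorewall:%s:%s:") and the chain names loc2net / loc-net are assumptions to adjust for your system.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not from the thread). Assumes Shorewall's
# default LOGFORMAT "Shorewall:%s:%s:" and a loc->net chain named "loc2net"
# (newer releases use "loc-net"); adjust LOC_NET_CHAINS to match your logs.
SAMPLE_LOG = """\
Aug  1 18:31:02 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=25 SYN
Aug  1 18:31:40 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40118 DPT=25 SYN
Aug  1 18:33:15 gw kernel: Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.168.1.80 DST=203.0.113.25 LEN=60 TTL=63 PROTO=TCP SPT=51544 DPT=587 SYN
Aug  1 18:34:09 gw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.80 DST=198.51.100.9 LEN=60 TTL=63 PROTO=TCP SPT=51560 DPT=443 SYN
Aug  1 18:35:27 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.1 LEN=60 TTL=51 PROTO=TCP SPT=33012 DPT=25 SYN
Aug  1 18:36:00 gw sshd[812]: Accepted publickey for admin from 192.168.1.10
"""

LOC_NET_CHAINS = {"loc2net", "loc-net"}   # assumed chain names for loc -> net
SMTP_PORTS = {25, 465, 587}               # smtp, ssmtp, submission
LOG_RE = re.compile(r"Shorewall:(?P<chain>[\w-]+):(?P<disp>REJECT|DROP):(?P<rest>.*)$")

def parse_entry(line):
    """Return (chain, disposition, fields) for a Shorewall log line, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    # Netfilter fields are KEY=VALUE tokens; bare flags such as SYN are skipped.
    fields = dict(tok.split("=", 1) for tok in m["rest"].split() if "=" in tok)
    return m["chain"], m["disp"], fields

def blocked_smtp_clients(log_text):
    """Map each LAN source IP to (attempt count, sorted destination list)."""
    report = defaultdict(lambda: {"attempts": 0, "dests": set()})
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        chain, disp, f = entry
        if chain not in LOC_NET_CHAINS or disp != "REJECT" or f.get("PROTO") != "TCP":
            continue
        if not f.get("DPT", "").isdigit() or int(f["DPT"]) not in SMTP_PORTS:
            continue
        if "SRC" not in f or "DST" not in f:
            continue
        report[f["SRC"]]["attempts"] += 1
        report[f["SRC"]]["dests"].add(f["DST"])
    return {ip: (r["attempts"], sorted(r["dests"])) for ip, r in report.items()}

if __name__ == "__main__":
    for ip, (n, dests) in sorted(blocked_smtp_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {n} rejected SMTP attempt(s) to {', '.join(dests)}")
```
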