On 04.04.2016 at 13:43, Florian Piekert wrote:
> On 04.04.2016 at 12:12, Marc Mertes wrote:
>
> Hello Marc,
Hi Florian,
>
> your net behind your firewall (131.x.x.x) can be reached from the outside?
No, all closed/dropped - there are only some incoming rules that allow
some specific IPs to enter our network.
> This would be a prerequisite if you want to exclude port 25 traffic from
> being masq'd.
>
> I'd try something like
>
> eth3 131.x.x.0/24 !:25 tcp
Hmmm, I'm not sure...
>
> This is just my best guess on what I can read out of man masq. I bet Tom
> knows for sure...
I hope so :-)
>
>
>> Hi Folks,
>> hi Tom,
>> after a few years of using shorewall now, I run into a "special case"
>> of a new masquerading need, and I'm not sure if this is possible.
>> I've already browsed through the mail archive - but there is not exactly
>> my case discussed, just some that come close to it - or I didn't understand one
>> of them correctly,
>> or wasn't able to adapt it to my case.
>>
>> Shorewall Version 4.6.4.3 on debian jessie
>> This is my masq config now: I masq everything to the external Iface ip:
>> #INTERFACE:DEST         SOURCE          ADDRESS         PROTO PORT(S) IPSEC   MARK    USER/   SWITCH  ORIGINAL
>> eth3 131.xxx.xxx.0/24
>>
>> What I now want to do is:
>> Keep the masq as it is - with one exception.
>> All traffic to our mailserver should not be masq.
>> I mean it like "masq everything outgoing on eth3 EXCEPT outgoing
>> traffic  to emailserver on eth3"
>>
>> The background is, that our mailserver is in the external zone and
>> blocks the ip after too many failed logins.
>> This means, our masq ip is blocked and no one can use the mailserver
>> anymore.
>> For this case it would be good not to masq, that each ip here is
>> "visible" for the mailserver.
>>
>> Thanks and best regards
>> Marc
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> Shorewall-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>
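An added example, not part of either poster's mail and not Shorewall code: a simplified Python model of the masq entry from the question next to one that uses the destination-exclusion form `eth3:!address` in the INTERFACE:DEST column (described in shorewall-masq(5) and shorewall-exclusion(5)), showing which source address the mail server's failed-login counter sees in each case. The addresses are constructed stand-ins from documentation ranges (198.51.100.0/24 for the 131.x.x.0/24 net, 203.0.113.1 for the eth3 address, 192.0.2.25 for the mail server), and the three-failure limit is an assumption.

```python
# Added example: simplified model of two Shorewall masq entries (not Shorewall code).
# Only the INTERFACE:DEST and SOURCE columns are modelled; all addresses are constructed.
import ipaddress

FW_ADDR = "203.0.113.1"    # constructed: address of eth3 used for masquerading
MAIL = "192.0.2.25"        # constructed: mail server in the external zone
MASQ_ALL = "eth3 198.51.100.0/24"                # entry as in the question
MASQ_EXCEPT_MAIL = "eth3:!192.0.2.25 198.51.100.0/24"  # destination exclusion
# Constructed sample: internal clients that each sent one failed login
FAILED = ["198.51.100.10", "198.51.100.11", "198.51.100.10",
          "198.51.100.12", "198.51.100.10"]

def parse_masq_line(line):
    """Parse 'iface[:dest,...] source' or 'iface:!dest,... source' into a rule."""
    first, source = line.split()[:2]
    iface, _, dest = first.partition(":")
    nets = [ipaddress.ip_network(d) for d in dest.lstrip("!").split(",") if d]
    return {"iface": iface, "exclude": dest.startswith("!"), "dests": nets,
            "source": ipaddress.ip_network(source)}

def is_masqueraded(rule, out_iface, src, dst):
    """True if this rule would rewrite the packet's source address."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if out_iface != rule["iface"] or src not in rule["source"]:
        return False
    if not rule["dests"]:
        return True                      # unqualified interface: every destination
    hit = any(dst in net for net in rule["dests"])
    return not hit if rule["exclude"] else hit

def lockouts(line, failed_logins, limit=3):
    """Sources the mail server would block after `limit` failed logins."""
    rule, counts = parse_masq_line(line), {}
    for src in failed_logins:
        seen = FW_ADDR if is_masqueraded(rule, "eth3", src, MAIL) else src
        counts[seen] = counts.get(seen, 0) + 1
    return sorted(addr for addr, n in counts.items() if n >= limit)

if __name__ == "__main__":
    for line in (MASQ_ALL, MASQ_EXCEPT_MAIL):
        print(f"{line!r}: mail server blocks {lockouts(line, FAILED)}")
```

With the exclusion, replies from the mail server go to the clients' own addresses, so the net must be routable from the outside, which is the prerequisite raised in the reply above.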

