On 6/14/21, Benny Pedersen <m...@junc.eu> wrote: > On 2021-06-14 08:04, Zenny wrote: > >> root@server2:~# netstat -lnp | grep :25 >> tcp 0 0 127.0.0.1:25 0.0.0.0:* >> LISTEN 27946/master >> >> Where did I miss the wagon? > > https://shorewall.org/manpages/shorewall-rules.html see Examples rules > for DNAT > > this must be added to the outside firewall, then when this is done you > only use inside postfix
Thanks again for your input. The DNAT rule is already in place as follows: DNAT net dmz:192.168.25.110 tcp 25 root@server2:~# iptables -L | grep smtp ACCEPT tcp -- anywhere 192.168.25.110 tcp dpt:smtp > > and the outside postfix can be configured to loopback only Outside is already loopback-only mode. Did I miss something? Thanks again. Cheers, /z > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
