On 6/14/21, Zenny <garbytr...@gmail.com> wrote: > On 6/14/21, Benny Pedersen <m...@junc.eu> wrote: >> On 2021-06-14 08:04, Zenny wrote: >> >>> root@server2:~# netstat -lnp | grep :25 >>> tcp 0 0 127.0.0.1:25 0.0.0.0:* >>> LISTEN 27946/master >>> >>> Where did I miss the wagon? >> >> https://shorewall.org/manpages/shorewall-rules.html see Examples rules >> for DNAT >> >> this must be added to the outside firewall, then when this is done you >> only use inside postfix > > Thanks again for your input. > > The DNAT rule is already in place as follows: > > DNAT net dmz:192.168.25.110 tcp 25 > > > root@server2:~# iptables -L | grep smtp > ACCEPT tcp -- anywhere 192.168.25.110 tcp dpt:smtp > >> >> and the outside postfix can be configured to loopback only > > Outside is already loopback-only mode. > > Did I miss something?
I have posted the NAT output of the shorewall at http://ix.io/3pUe for your perusal where I have categorically specified DNAT for SMTP in line 34. Thanks for your inputs. > > Thanks again. > > Cheers, > /z > >> >> >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> > -- Cheers, /z -.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-. CONFIDENTIALITY NOTICE AND DISCLAIMER: Access to this e-mail and its contents by anyone other than the intended recipient is unauthorized as it contains privileged and confidential information, and is subject to legal privilege. Please do not re/distribute it. If you are not the intended recipient (or responsible for delivery of the message to such person), you may not use, copy, distribute or deliver the email and part of its contents to anyone this message (or any part of its contents or take any action in connection to it. In such case, you should destroy this message, and notify the sender immediately. If you have received this email in error, please notify the sender or your sysadmin immediately by e-mail or telephone, and delete the e-mail from any computer. If you or your employer does not consent to internet e-mail messages of this kind, please notify the sender immediately. All reasonable precautions have been taken to ensure no viruses are present in this e-mail and attachments included. As the sender cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments it is recommended that you are responsible to follow your virus checking procedures prior to use. The views, opinions, conclusions and other informations expressed in this electronic mail are not given or endorsed by any company including the network providers unless otherwise indicated by an authorized representative independent of this message. -.. .. ... -.-. .-.. .- .. -- . .-. | -.. .. ... -.-. .-.. .- .. -- . .-. _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
