i would be very wary as regards rim's netsec. v/r,piranha -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx]On Behalf Of Daniel Chemko Sent: Wednesday, November 17, 2004 10:06 AM To: mclinden@xxxxxxxxxxxx; netfilter@xxxxxxxxxxxxxxxxxxx Subject: RE: Simple Blackberry Enterprise configuration mclinden@xxxxxxxxxxxx wrote: > I have two users who need to be able to ORIGINATE bidirectional > communication from an internal site using port 3101 in order to read > e-mail using their Blackberries and the Server Relay Protocol. This > should be fairly simple but if anyone has done this and could point > me to a reference it would be appreciated. > > Sean McLinden > Allegheny County Health Department You want to force the source address of the transmission? I doubt that Rim would care which source port the data's coming from. More importantly, are you having a problem connecting them to your internal network's BB server from outside the company? I'm not sure of the security of the BB server, so this may make your systems very insecure, but if you wanted your internet server visible to the internet, you'd add the following to a typical restrictive netfilter firewall configration. iptables -A PREROUTING --destination ${IN_ADDR} -p tcp --dport 3101 -j DNAT --to ${BB_SERVER} iptables -A FORWARD --destination ${BB_SERVERR} -p tcp --dport 3101 -j ACCEPT
