On Wed, Jan 19, 2005 at 03:25:33PM +0100, Jose Maria Lopez wrote:
> On Tue, 18 Jan 2005 at 20:23, Jason Opperisano wrote:
> > On Tue, Jan 18, 2005 at 04:58:58PM -0300, Pablo Allietti wrote:
> > > hi people.
> > > thanks a lot, all work ok
> > >
> > > i have a question..
> > >
> > > my net is
> > >
> > >
> > >          |200.40.228.64/28
> > >          |
> > >  Firewall FC2 (200.40.229.67)
> > >          | dns midomain.com
> > >          |
> > >          |192.168.1.0/24
> > > -------------------------------
> > >          |
> > >          |
> > >          |
> > >  FC2 (pop3) 192.168.1.6
> > >
> > >
> > > i need to check mail in midomain.com but the pop3 server and mail server
> > > is in 192.168.1.8
> > >
> > > is that correct to check and send mail?
> > >
> > > iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 0/0 -d 192.168.1.6 --dport 110 -j ACCEPT
> > > iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 0/0 -d 192.168.1.6 --dport 25 -j ACCEPT
> >
> > those are correct for your filter rules. do you already have the NAT
> > setup for this as well?
> >
> >   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 110 \
> >     -j DNAT --to-destination 192.168.1.6
> >
> >   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 \
> >     -j DNAT --to-destination 192.168.1.6
> >
> > -j
> >
> > --
> > "This has purple stuff inside - purple is a fruit."
> >   --The Simpsons
>
> And of course also the RELATED and ESTABLISHED rules, or the rules
> for the traffic going out of the machines.
>
> --
> Jose Maria Lopez Hernandez
> Technical Director of bgSEC
> jkerouac@xxxxxxxxx
> bgSEC Seguridad y Consultoria de Sistemas Informaticos
> http://www.bgsec.com
> SPAIN
>
> The only people for me are the mad ones -- the ones who are mad to live,
> mad to talk, mad to be saved, desirous of everything at the same time,
> the ones who never yawn or say a commonplace thing, but burn, burn, burn
> like fabulous yellow Roman candles.
> -- Jack Kerouac, "On the Road"
>
>
---end quoted text---

--
Pablo Allietti
LACNIC
--------------
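
The replies above name three pieces that have to be present together: the FORWARD accepts, the PREROUTING DNAT rules, and the RELATED/ESTABLISHED rule. The following is an added example, not part of the original thread: a shell function that lints `iptables-save` output for all three. The function name `check_forwards`, the constructed sample dumps, and the DROP policy on FORWARD are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables-save output for the
# pieces the replies name. Assumes FORWARD policy DROP and a --to-destination
# that is an address only (no :port remap). DNAT happens in PREROUTING, so
# FORWARD sees the rewritten internal address; rules are matched on that.
check_forwards() {                       # hypothetical helper name
    awk '
    function opt(name,   i) {            # value that follows option "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
        dnat[opt("--to-destination") ":" opt("--dport")] = 1
    }
    $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        d = opt("-d"); sub(/\/32$/, "", d)   # iptables-save prints host/32
        if ($0 ~ /RELATED,ESTABLISHED|ESTABLISHED,RELATED/) replies = 1
        else if (d != "") fwd[d ":" opt("--dport")] = 1
    }
    END {
        for (k in dnat) if (!(k in fwd)) { print "no FORWARD accept for " k; bad = 1 }
        if (!replies) { print "no RELATED,ESTABLISHED accept in FORWARD"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed samples: the rules from the thread as iptables-save prints them.
NAT='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.6
-A PREROUTING -i eth1 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.6
COMMIT
*filter
:FORWARD DROP [0:0]'
FWD110='-A FORWARD -d 192.168.1.6/32 -i eth1 -o eth0 -p tcp -m tcp --dport 110 -j ACCEPT'
FWD25='-A FORWARD -d 192.168.1.6/32 -i eth1 -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT'
STATE='-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
GOOD="$NAT
$STATE
$FWD110
$FWD25
COMMIT"
BAD="$NAT
$FWD110
COMMIT"                                  # port 25 accept and state rule left out

printf '%s\n' "$GOOD" | check_forwards && echo "GOOD: complete"
printf '%s\n' "$BAD" | check_forwards || echo "BAD: incomplete"
```

On a live firewall the same check runs as `iptables-save | check_forwards`.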