LinuxSA Mailing list archives
Index:
[thread]
[date]
[subject]
[author]
[stats]
From: David Rowlands <davidr@empower.com.au>
To : linuxsa@linuxsa.org.au <linuxsa@linuxsa.org.au>
Date: Thu, 31 May 2001 13:49:48 +0930
RE: ip masquerading
Andrew,
The exchange server's smtp port is not live - only the web server (port 80)
for exchange is, so people can retrieve their mail via exchange's web
interface. We do indeed use mailertables for forwarding the mail to the
exchange server via an MTA on the firewall.
I'll give your suggestion a go though, modified for port 80.
-----Original Message-----
From: Andrew Reid [mailto:andrew.reid@plug.cx]
Sent: Thursday, May 31, 2001 1:17 PM
To: David Rowlands
Cc: 'linuxsa@linuxsa.org.au'
Subject: RE: ip masquerading
On 31 May 2001 12:27:28 +0930, David Rowlands wrote:
> It's not what you missed, its what I failed to mention. I use fwtk to
> forward ports from the internal exchange server to the outside world for
web
> email. If I DENY the exchange server, the port forwarding with fwtk stops.
Ahh.. That makes more sense then :-)
Well Firstly, I'd not trust my Exchange server's SMTP port live on the
Internet. I'd be more inclined to install Postfix/Qmail/Sendmail (in
order of preference :-) and use mailer tables to reroute mail to the
internal exchange box.
Admitadly this involves installing an MTA on the firewall, but I've not
had any issues on the occasions that I've done it.
You really want something like IPFilter's save-state option. Here's a
theory that may sufice:
ipchains -A forward -s 192.168.10.3 -d 0.0.0.0/0 25 -j MASQ
ipchains -A forward -s 192.168.10.3 -j DENY
Where 192.168.10.3 is the IP of your exchange server.
- andrew
--
Andrew Reid email: andrew.reid@plug.cx
www: http://www.plug.cx
"A school without students phone: +61 401 946 813
is like an ointment
without a fly"
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
Index:
[thread]
[date]
[subject]
[author]
[stats]
Return to the LinuxSA Mailing List Information Page