Problems using email through a Linux Firewall using ipfwadm, ipportfw

Problems using email through a Linux Firewall using ipfwadm, ipportfw

Post by Dan » Wed, 09 Jun 1999 04:00:00

I currently am using Linux as a firewall ip filtering along with ip port
forwarding The version of the kernel is 2.0.36. I have my email server and
web server sitting behind the firewall on private IP's.  The rules I have in
place are as follow for the email (IP and names have been changed to protect
the innocent)

# Flush all commands
/sbin/ipfwadm -F -f
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f

# Forward email to email server
/sbin/ipfwadm -F -a accept -b -P tcp -S 1024:65535 -D 25

# Forward email connections to outside email servers
/sbin/ipfwadm -F -a accept -b -P tcp -S 25 -D

# Forward Web connections to the Web Server
/sbin/ipfwadm -F -a accept -b -P tcp -S 1024:65535 -D 80

# Forward Web connections to outside Web Server
/sbin/ipfwadm -F -a accept -b -P tcp -S 188.168.23.* 80 -D

# Forward DNS traffic
/sbin/ipfwadm -F -a accept -b -P udp -S 53 -D

# Flus all Port Forwarding commands
/sbin/ipportfw -C

# Forward all traffic for port 80 to Web Server (Web Traffic)
/sbin/ipportfw -A -t250.249.20.215/80 -R

# Forward all traffic for port 25 to email server
/sbin/ipportfw -A -t250.249.20.215/25 -R

All users on the internal network can browse the internet fine and email
inernally works fine. Everyone can send and recieve. Our email server is a
Linux machine as well. We have a website which sits on the internal private
ip network. It is accesable by the outside world as well.

My problem is with email.

Problem 1.
    All the following are registered to the same IP (Public IP of the
    Our website is  registered to public IP (
    The following name is registered to the public IP (
    Our email ( which currently works (our email server)

recieve the email sent.
    When I try to send it via an outside ISP It  gets rejected with the
following reason.

    ----- The following addresses had permanent fatal errors -----

   ----- Transcript of session follows -----
... while talking to
<<< 501 RCPT VERIFY failed relaying denied!

Problem 2.
    If someone wants to use their local ISP to dial into and check there
email on our email server (which is behind the firewall on a private IP
address) a connection cannot be established with the email server. The
following is an example of the that happens when using OutLook 98as the
email program and the incoming and outgoing email servers set to

The TCP/IP connection was unexpectedly terminated by the server.
(Account 'myname',POP3 server:' ',Error Number:

I can ping and I get recieve packets back (The response
is the public IP address of the firewall which all the rules are set up for)

I believe both problems are related. Can anyone give me some insight into
how the ipfwadm, and ipporfw rules need to be set to resolve this issue

Any help is greatly appreciated.

Thanks Dan