> [snip]
> my servers a private non-routable IP such as 192.0.0.1. The problem
> now lies on how to ROUTE the incoming mail/dns request to my mail
> server behind my PMFirewall box? What would you recommend for me to
> do? Please, if you have any info or links, let me know. I know
> I have a lot to read and learn, and I am all ready for it!
> bring it on guys!
First, your postings repeatedly refer to 192.0.0.1 as a private non-routable
IP. This is _not_ correct. The private IPs are:
10.0.0.0/8 = 10.0.0.0-10.255.255.255
172.16.0.0/12 = 172.16.0.0-172.31.255.255
192.168.0.0/16 = 192.168.0.0-192.168.255.255
The easy thing to do is to run your mail server and your firewall on the same
machine, but I would not recommend it. If you have an old i386/i486, set it up
as your firewall machine. To access the mail server (now with a private IP on
your local LAN), use port forwarding (as in: ipmasqadm portfw -a -P tcp -L
$EXT_IP 25 -R 192.168.0.2 25).
Trygve.
It's nice to deal with people who know good stuff!
OK. I will try to set up a separate box as a firewall. I will then
give my existing mail server/DNS server a private IP such as 192.168.0.1
(I am learning!), and then open the ports as you mentioned:
# this will open port 25/110/113 to allow mail to come and go through the firewall
# (ipchains takes the port after the address, separated by a space, not "/25")
ipchains -A input -i eth0 -d 0.0.0.0/0 25 -p tcp -j ACCEPT
ipchains -A input -i eth0 -d 0.0.0.0/0 110 -p tcp -j ACCEPT
ipchains -A input -i eth0 -d 0.0.0.0/0 113 -p tcp -j ACCEPT
# this will FORWARD incoming mail/outgoing mail to my mail server
ipmasqadm portfw -a -P tcp -L 209.67.45.110 25 -R 192.168.0.1 25
ipmasqadm portfw -a -P tcp -L 209.67.45.110 110 -R 192.168.0.1 110
ipmasqadm portfw -a -P tcp -L 209.67.45.110 113 -R 192.168.0.1 113
Got a quick question for you :). What I am thinking of doing then is
to set up the firewall box with my DNS/mail server's REAL IP. So DNS
requests and mail server requests will go to my firewall. From there, of
course, they will be forwarded to the internal LAN where my mail/DNS
box is located. The question is, in my DNS files, will I have to
change the MX records, A records and PTR records to the new internal
private IPs? Finally, what port do I need to open for DNS to
work? :)
Thanks a lot!! Hopefully I am not bothering you!!! :)
Happy new year too!
On Wed, 27 Dec 2000 21:37:34 +0100, Trygve Selmer
>> [snip]
>> my servers a private non-routable IP such as 192.0.0.1. The problem
>> now lies on how to ROUTE the incoming mail/dns request to my mail
>> server behind my PMFirewall box? What would you recommend for me to
>> do? Please, if you have any info or links, let me know. I know
>> I have a lot to read and learn, and I am all ready for it!
>> bring it on guys!
>Hi again!
>First, your postings repeatedly refer to 192.0.0.1 as a private non-routable
>IP. This is _not_ correct. The private IPs are:
>10.0.0.0/8 = 10.0.0.0-10.255.255.255
>172.16.0.0/12 = 172.16.0.0-172.31.255.255
>192.168.0.0/16 = 192.168.0.0-192.168.255.255
>The easy thing to do is to run your mail server and your firewall on the same
>machine, but I would not recommend it. If you have an old i386/i486, set it up
>as your firewall machine. To access the mail server (now with a private IP on
>your local LAN), use port forwarding (as in: ipmasqadm portfw -a -P tcp -L
>$EXT_IP 25 -R 192.168.0.2 25).
> Trygve.
> It's nice to deal with people who know good stuff!
> OK. I will try to set up a separate box as a firewall. I will then
> give my existing mail server/DNS server a private IP such as 192.168.0.1
> (I am learning!), and then open the ports as you mentioned:
> # this will open port 25/110/113 to allow mail to come and go through the firewall
> # (ipchains takes the port after the address, separated by a space, not "/25")
> ipchains -A input -i eth0 -d 0.0.0.0/0 25 -p tcp -j ACCEPT
> ipchains -A input -i eth0 -d 0.0.0.0/0 110 -p tcp -j ACCEPT
> ipchains -A input -i eth0 -d 0.0.0.0/0 113 -p tcp -j ACCEPT
> # this will FORWARD incoming mail/outgoing mail to my mail server
> ipmasqadm portfw -a -P tcp -L 209.67.45.110 25 -R 192.168.0.1 25
> ipmasqadm portfw -a -P tcp -L 209.67.45.110 110 -R 192.168.0.1 110
> ipmasqadm portfw -a -P tcp -L 209.67.45.110 113 -R 192.168.0.1 113
I recommend reading the IP-Masquerade-mini-HOWTO, DNS-HOWTO, and the
> Got a quick question for you :). What I am thinking of doing then is
> to set up the firewall box with my DNS/mail server's REAL IP. So DNS
> requests and mail server requests will go to my firewall. From there, of
> course, they will be forwarded to the internal LAN where my mail/DNS
> box is located. The question is, in my DNS files, will I have to
> change the MX records, A records and PTR records to the new internal
> private IPs? Finally, what port do I need to open for DNS to
> work? :)
Same to you and the rest of the group!
> Thanks a lot!! Hopefully I am not bothering you!!! :)
> Happy new year too!
Trygve.
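A worked version of the setup discussed in the thread above, added here as an example; it is not code from either poster. The script first checks the LAN address against the three RFC 1918 blocks Trygve lists (so an address like 192.0.0.1, which the thread started with, is rejected before any rule is loaded) and then emits the ipchains/ipmasqadm rules that forward the mail ports from the public address to the mail server. The public address 209.67.45.110, the mail server 192.168.0.1 and the ports 25/110/113 are the thread's values; the interface names eth0 (outside) and eth1 (LAN), the sysctl call and the forward/MASQ rules are my assumptions about the box, not something the thread states. By default the script only prints the commands; run it with RUN set to the empty string to execute them.

```shell
#!/bin/sh
# Added example, not code from the thread: forward the mail ports through an
# ipchains/ipmasqadm firewall to a LAN host, after checking that the LAN
# address really is in one of the three RFC 1918 blocks.
# Assumptions (not stated in the thread): eth0 is the outside interface,
# eth1 the LAN interface, and sysctl is available for enabling forwarding.

RUN="${RUN-echo}"   # default is a dry run that prints the commands; "RUN= sh portfw.sh" applies them

# Print a dotted quad as a 32-bit integer. Exit status 1 for anything that is
# not four decimal octets in 0-255 (leading zeros are rejected, since $(( ))
# would read them as octal).
ip_to_int() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 only for 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16. Anything else,
# including the 192.0.0.1 from the start of the thread, is treated as public.
is_rfc1918() {
    n=$(ip_to_int "$1") || return 1
    [ $(( n >> 24 )) -eq 10 ] && return 0                      # 10.0.0.0/8
    [ $(( n >> 20 )) -eq $(( (172 << 4) | 1 )) ] && return 0    # 172.16.0.0/12
    [ $(( n >> 16 )) -eq $(( (192 << 8) | 168 )) ] && return 0  # 192.168.0.0/16
    return 1
}

# portfw_rules EXT_IP INT_IP PORT...
# Emits the rules that send TCP connections for PORT... arriving at EXT_IP on
# eth0 to INT_IP on the LAN. Refuses to forward to a non-RFC 1918 target.
portfw_rules() {
    ext=$1; int=$2; shift 2
    is_rfc1918 "$int" || { echo "refusing: $int is not an RFC 1918 address" >&2; return 1; }
    $RUN sysctl -w net.ipv4.ip_forward=1
    $RUN ipmasqadm portfw -f                       # start from an empty portfw table
    for p in "$@"; do
        # Accept the connection on the outside interface, but only when it is
        # addressed to the public IP; the thread's 0.0.0.0/0 accepts the port
        # for any destination that happens to arrive on eth0.
        $RUN ipchains -A input -i eth0 -p tcp -d "$ext" "$p" -j ACCEPT
        # Rewrite the destination from the public address to the LAN host.
        $RUN ipmasqadm portfw -a -P tcp -L "$ext" "$p" -R "$int" "$p"
        # Let the rewritten packet out through the LAN interface.
        $RUN ipchains -A forward -i eth1 -p tcp -d "$int" "$p" -j ACCEPT
    done
    # Replies from the LAN host leave eth0 carrying the public address again.
    $RUN ipchains -A forward -i eth0 -s "$int" -j MASQ
}

# Values from the thread: public address 209.67.45.110, mail server 192.168.0.1.
portfw_rules 209.67.45.110 192.168.0.1 25 110 113
```

The RFC 1918 check is deliberately a strict test of the three blocks rather than a broader "is this reserved" test, because the only question that matters for the forwarding target is whether the address is one the firewall owns on its LAN side; the port list is a parameter, so the same function serves any other TCP service the firewall should pass through.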
Getting pmfirewall, rp-pppoe and squid to work together
Excuse the large cross-post, but this is truly a puzzle fit for any of
these NGs. I'm building a squid server at home for an elementary school who
asked me to build this after I sold them on squid+squidguard, with a DSL
connection (rp-pppoe+pmfirewall), and cannot for the life of me get these
to work together. The layout is simple: DSL modem to eth0 in a MD 7.2
(2.2.17) box, eth1 to a Win98 client. I had the rp-pppoe+pmfirewall
connection going great till I added the second NIC (eth1). Now eth1 keeps
blowing my routing table: I can connect fine if I ifdown eth1 and then
dial up, but the minute I try to dial up with eth1 up, I can still connect,
but I can't ping anything. (Actually, I can't ping anything/anyhow now.) I've
assigned both NICs statically (is this a problem?), 10.166.0.2 and
10.166.0.3 respectively, and ppp0 is assigned via the ISP with DHCP.
First, how can I get this to work at home (both rp-pppoe and pmfirewall
offer masq'ing and firewalling options (duh))? I'm almost certain that 95% of
the problem lies here. I really don't want to build this on my DSL line with
no FW.
What should be the netmask(s) and gateway for this setup?
Second, what would be the best way to configure squid with regard to the
NICs?
Third, what changes are going to be needed when I take this box to the
school (class "C" LAN)?
(Is there any way squid can take care of all of this in one swoop?)
Fourth, how do I open the port(s) to allow squid through the FW?
This school is on a WAN (which goes through a socks5 connection, 10.0.3.4, to
get to the internet) but the school itself is on
10.166.165.0-10.166.165.255; how do I block the WAN out of this squid
server?
I know this is an enormous question, but I've read a lot of posts in all of
these NGs and know that someone(s) can answer this. ANY help/links/advice
would be GREATLY appreciated. I really need to get this up as soon as
possible.