From: "Michael Hudin" <hudin@zoetrope.com>
To: netfilter@lists.samba.org
Subject: Re: Help with POP3/SMTP and MASQ
Date: Mon, 10 Jun 2002 15:17:23 -0700
Message-ID: <00ae01c210cc$9872ac20$52cfd3cf@michael>
In-Reply-To: F21XZZTHfyQgeDKvPEk0000a6ad@hotmail.com
The problem looks like it is in your forwarding rules. You are telling it
to forward but you're not telling it from where to where, so you would need
something along the lines of

    -A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 110 -j ACCEPT

if eth0 is your external and eth1 your internal.
You may need to invoke this slightly differently because I use the
iptables-save setup, not a script.

This should be a starting point. There may be other things that aren't
working as well.

-michael
----- Original Message -----
From: "Linux Tek" <linuxtek2002@hotmail.com>
To: <netfilter@lists.samba.org>
Sent: Monday, June 10, 2002 2:37 PM
Subject: Help with POP3/SMTP and MASQ
> Hello...
> I've had no luck getting POP3/SMTP going through my RedHat 7.1 2.4
> kernel iptables box. I have been able to set up incoming FTP connections
> through my firewall, but no luck on the email. Here's my script...I've
> pretty much added a lot of extra stuff hoping that something would work and
> I could figure it out from there, but so far nothing's worked. I must be
> missing something obvious!
>
> Any help is appreciated, and thanks to everyone who takes the time to
> respond!
>
>
> #Beginning of script
> #this was from someone's sample script..to load the modules.
>
> /sbin/modprobe ip_tables
> /sbin/modprobe ip_conntrack
> /sbin/modprobe iptable_filter
> /sbin/modprobe iptable_mangle
> /sbin/modprobe iptable_nat
> /sbin/modprobe ipt_LOG
> /sbin/modprobe ipt_limit
> /sbin/modprobe ipt_state
>
> #
> # 2.2 Non-Required modules
> #
>
> #/sbin/modprobe ipt_owner
> #/sbin/modprobe ipt_REJECT
> #/sbin/modprobe ipt_MASQUERADE
> #/sbin/modprobe ip_conntrack_ftp
> #/sbin/modprobe ip_conntrack_irc
>
>
>
> #some basic MASQ stuff so I can hit the internet!
> cp /home/main/ip_forward /proc/sys/net/ipv4
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> #rules for ftp in...working right now
>
> iptables -A FORWARD -p tcp --dport 21 -j ACCEPT
> iptables -A FORWARD -p tcp --dport 20 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 21 -j DNAT --to 10.0.0.7:21
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 20 -j DNAT --to 10.0.0.7:20
>
> iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.0.7 --dport 21 -j ACCEPT
> iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 10.0.0.7 --dport 20 -j ACCEPT
>
> #rules for FTP out... NOT USED!!!!!!!!!
> #iptables -t nat -A POSTROUTING -p tcp --sport 21 -j ACCEPT
> #iptables -t nat -A POSTROUTING -p tcp --sport 20 -j ACCEPT
> #iptables -A INPUT -p tcp --sport 21 -j ACCEPT
> #iptables -A INPUT -p tcp --sport 20 -j ACCEPT
>
> #iptables -A OUTPUT -p tcp --sport 21 -j ACCEPT
> #iptables -A OUTPUT -p tcp --sport 20 -j ACCEPT
>
>
> #for POP3 and SMTP mail
> iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 25
> iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 110
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j ACCEPT
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 110 -j ACCEPT
>
> iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
> iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
>
> iptables -t nat -A POSTROUTING -p tcp --sport 25 -j ACCEPT
> iptables -t nat -A POSTROUTING -p tcp --sport 110 -j ACCEPT
>
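Added example (not part of the original thread, and not code from either poster): a small POSIX shell check that flags the kind of rule the reply points at, a FORWARD ACCEPT that does not say from which interface to which, plus two related patterns present in the quoted script (an ACCEPT target in the nat table and a MASQUERADE with no -o). The function names are hypothetical; the sample rules are copied from the two messages above.

```shell
#!/bin/sh
# Added example (not from the thread): audit iptables command lines, one per
# line on stdin, and print "<line number>: <finding>" for each problem.
audit_rules() {
    n=0
    while IFS= read -r rule; do
        n=$((n + 1))
        case "$rule" in '#'*) continue ;; esac   # skip commented-out rules
        r=" $rule "                              # pad so options match as whole words
        table=filter
        case "$r" in *" -t nat "*) table=nat ;; esac
        if [ "$table" = filter ]; then
            case "$r" in
                *" -A FORWARD "*" -j ACCEPT "*)
                    case "$r" in
                        *" -i "*" -o "*|*" -o "*" -i "*) ;;   # direction given
                        *) echo "$n: FORWARD ACCEPT without both -i and -o" ;;
                    esac ;;
            esac
        else
            case "$r" in
                *" -j ACCEPT "*) echo "$n: ACCEPT in nat table performs no translation" ;;
            esac
            case "$r" in
                *" -j MASQUERADE "*)
                    case "$r" in
                        *" -o "*) ;;                          # limited to one interface
                        *) echo "$n: MASQUERADE without -o matches every interface" ;;
                    esac ;;
            esac
        fi
    done
}

# Rules 1-4 are copied from the quoted script; rule 5 is the reply's
# suggestion, kept in its iptables-save form.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -j MASQUERADE --to-ports 110
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 110 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 110 -j ACCEPT
EOF
}

sample_rules | audit_rules
```

Rules 1 and 5 pass: the first limits MASQUERADE to eth0 and the last names both the inbound and outbound interface.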