firewall problem
Mon, 28 Jan 2008 13:07:54 GMT
I use an OpenSuse 10.2 gateway between internet and intranet. This server
has two NICs. TCP/IP forwarding is enabled. I use postfix for emailing and
squid as a proxy.
As my e-mail provider sends me e-mails over fixed, defined TCP/IP addresses,
I would like to configure my firewall so that SMTP works only for those
specified TCP/IP addresses for incoming traffic.
I've changed /etc/sysconfig/SuSEFirewall2 in the following way:
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQERADE="no"
FW_SERVICES_EXT_TCP="domain http https smtp"
FW_TRUSTED_NETS=""
FW_FORWARD="180.111.111.1,80.123.123.1,tcp,23
180.180.180.2,80.123.123.1,tcp,23"
as 80.123.123.1 is the address of eth1 (internet).
But with this configuration, all SMTP packets are able to come in.
If I make the following change:
FW_SERVICES_EXT_TCP="domain http https"
no SMTP packets are able to come in, not even from
180.111.111.1 or 180.180.180.2 (my provider addresses).
Can anyone help me? What's wrong with my configuration?

Re: firewall problem
Mon, 28 Jan 2008 13:28:16 GMT
On Mon, 28 Jan 2008 13:07:54 GMT
markus_herbert@yahoo.de (Markus Herbert) wrote:
> I use an OpenSuse 10.2 gateway between internet and intranet. This
> server has two NICs. TCP/IP forwarding is enabled. I use postfix for
> emailing and squid as a proxy.
>
> As my e-mail provider sends me e-mails over fixed, defined TCP/IP
> addresses, I would like to configure my firewall so that SMTP works
> only for those specified TCP/IP addresses for incoming traffic.
>
> I've changed /etc/sysconfig/SuSEFirewall2 in the following way:
>
> FW_DEV_EXT="eth1"
> FW_DEV_INT="eth0"
> FW_ROUTE="yes"
> FW_MASQERADE="no"
> FW_SERVICES_EXT_TCP="domain http https smtp"
> FW_TRUSTED_NETS=""
> FW_FORWARD="180.111.111.1,80.123.123.1,tcp,23
> 180.180.180.2,80.123.123.1,tcp,23"
>
> as 80.123.123.1 is the address of eth1 (internet).
> But with this configuration, all SMTP packets are able to come in.
>
> If I make the following change:
> FW_SERVICES_EXT_TCP="domain http https"
> no SMTP packets are able to come in, not even from
> 180.111.111.1 or 180.180.180.2 (my provider addresses).
>
> Can anyone help me? What's wrong with my configuration?
>
Hi
Port 23 is telnet, 25 is SMTP; or is that a typo?
--
Cheers Malcolm °¿° (Linux Counter #276890)
SLED 10.0 SP1 x86_64 Kernel 2.6.16.54-0.2.3-smp
up 17:52, 1 user, load average: 0.04, 0.07, 0.02

Re: firewall problem
Thu, 31 Jan 2008 09:56:39 GMT
That was a mistake on my part. Here is the correct part of the config file:
SuSEfirewall2
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_ROUTE="yes"
FW_MASQERADE="no"
FW_SERVICES_EXT_TCP="domain http https"
FW_TRUSTED_NETS=""
FW_FORWARD="180.111.111.1,80.123.123.1,tcp,25
180.180.180.2,80.123.123.1,tcp,25"