> > This is really getting frustrating - mainly because I don't really
> > understand what I'm doing. Using a port scanner from an external
> > webserver, it shows that ports 25, 80, and 10025 are all closed.
> >
> > What am I missing?
> >
> > Here's the iptables dump from both my firewall and my
> > internal server.
> >
> > *** FIREWALL IPTABLES ***
> >
> > > iptables -n -v -L
> > > Chain OUTPUT (policy DROP 0 packets, 0 bytes)
> >  pkts bytes target  prot opt in  out   source          destination
> >     0     0 ACCEPT  all  --  *   lo    0.0.0.0/0       0.0.0.0/0
> >     0     0 ACCEPT  all  --  *   eth0  67.106.235.126  192.168.69.0/24
>
> I _think_ the above rule is not necessary and maybe not
> valid.. This is your internet IP address, is it not? I
> believe your intent here is to ACCEPT and pass email and
> http? I _believe_ you need to change the source to 0.0.0.0/0
> - well, really - probably replace this line altogether and
> substitute lines with source 0.0.0.0/0 and dports 25 and 80.
> The source for a packet would be wherever it originated, and
> not your email address.

Those output lines (and basically everything else that isn't port specific) are from the IP-Masquerade HOWTO. I'm not saying they're right or wrong - but that's where I got 'em from. I believe the intent is to explicitly state what traffic is or is not acceptable to create a minimal firewall. So the output lines say that anything can go out on eth1, and only packets intended for the 192.168.69.0 DMZ go on eth0.
That part has been working fine - unless it's interfering with my port forwarding? I still don't understand all the relationships of the different chains - for example, what's the difference between prerouting and forward, and if I have prerouting and forward enabled do I need to have input or output enabled?

> From what I can gather, eth0 is your internal machine and
> eth1 is your outside connection..

Correct.
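Added example, not from either poster in this thread: a small POSIX shell script that states which chains each kind of packet passes through and emits the two rules one forwarded TCP port needs. It assumes eth1 is the outside interface and eth0 the DMZ interface (as in the thread); the DMZ host address 192.168.69.10 is a constructed placeholder. By default it only prints the iptables commands (dry run); setting IPTABLES=iptables applies them for real, which needs root.

```shell
#!/bin/sh
# Added example (not the thread's own configuration).
# Interfaces follow the thread: eth1 = outside, eth0 = DMZ/internal.
# DMZ_HOST is a constructed placeholder address.
# IPTABLES defaults to a dry run that prints each command instead of running it.

IPTABLES="${IPTABLES:-echo iptables}"
EXT_IF="${EXT_IF:-eth1}"
DMZ_IF="${DMZ_IF:-eth0}"
DMZ_HOST="${DMZ_HOST:-192.168.69.10}"   # constructed DMZ server address

# Which chains a packet traverses, by where it is headed (simplified).
# Forwarded traffic never enters INPUT or OUTPUT: those chains only see
# packets addressed to, or generated by, the firewall box itself. That is
# why a port forward needs nat/PREROUTING plus filter/FORWARD and nothing
# in INPUT or OUTPUT.
chain_path() {
    case "$1" in
        forwarded)     echo "nat/PREROUTING -> routing -> filter/FORWARD -> nat/POSTROUTING" ;;
        to_firewall)   echo "nat/PREROUTING -> routing -> filter/INPUT" ;;
        from_firewall) echo "filter/OUTPUT -> nat/POSTROUTING" ;;
        *)             echo "unknown"; return 1 ;;
    esac
}

# Rules for one forwarded TCP port:
#   nat PREROUTING : rewrite the destination to the DMZ host before routing
#   filter FORWARD : allow the rewritten packet to cross eth1 -> eth0
forward_port() {
    port="$1"
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$port" \
        -j DNAT --to-destination "$DMZ_HOST:$port"
    $IPTABLES -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -p tcp -d "$DMZ_HOST" \
        --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT
}

# Base forwarding policy: drop by default, let replies from the DMZ back out,
# and masquerade DMZ-originated traffic behind the outside address.
base_forward_rules() {
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -i "$DMZ_IF" -o "$EXT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE
}

# "sh script.sh show" prints the full rule set for the ports tested in the thread.
if [ "${1:-}" = "show" ]; then
    base_forward_rules
    for p in 25 80 10025; do forward_port "$p"; done
fi
```

Run it without arguments to load the functions, or with `show` to see the complete dry-run rule list; after applying for real, `iptables -t nat -n -v -L PREROUTING` and `iptables -n -v -L FORWARD` should show the packet counters on those rules climbing when the external scan runs, which tells you whether the packets are reaching the forward path at all.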