Solved

How to configure Shorewall's firewall rules to allow MDaemon web mail access?

Posted on 2003-11-05
Last Modified: 2010-03-18
Hi,

I'm a newbie here... We have an MDaemon email server running on a Windows platform. Currently we need to implement web mail access by activating the WorldClient feature together with port 3000. We have tested it within the internal network by using the web browser (10.10.10.3:3000) to get web mail access - yes, success, so I assume that the web mail configuration side is OK.

Now we'd like to push this to the next level, whereby mobile users can have web mail access from outside. Our vendor has implemented the firewall system (a server with 2 NIC adapters - 1 for broadband and 1 for the internal LAN connection, due to cost saving...) using RedHat 9 together with the Shorewall package.

And because we are beginners with Linux... we'd like to get some good advice on how to set up the firewall rules so that the above case can be achieved...

Assume we have 1 fixed IP (public IP) for the firewall, 219.90.40.123. We would like our mobile users to type in 219.90.40.123:3000 in the web browser and successfully access the web mail service. How can we implement this in the Shorewall rule set, especially how do we configure the DNAT stuff? It would be great if someone could provide a detailed configuration for it...

Thanks in advance...

Regards,
Zent...
Question by:xavierise
Accepted Solution

by:
jlevie earned 250 total points
I don't use Shorewall, but I can tell you that the iptables rule to forward the incoming requests to your web mail system would look like this (assuming you only have one outside IP):

iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 3000 -j DNAT --to 10.10.10.3

You might also need a rule to allow inbound connections on port 3000 like (assuming eth0 is the outside NIC):

iptables -A INPUT -i eth0 -d 0/0 -p tcp --dport 3000 -j ACCEPT
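For the Shorewall side of the same forward, here is the equivalent rule as an added example (not part of jlevie's answer): a single line in /etc/shorewall/rules, assuming the usual two-interface layout where the broadband interface is in zone `net` and the LAN is in zone `loc`. Shorewall's DNAT action generates both the nat PREROUTING rule and the matching filter accept for that connection, so no separate accept line is needed, and only tcp/3000 on the public address is exposed.

```text
# /etc/shorewall/rules  (added example; assumes zones "net" and "loc" exist)
#ACTION   SOURCE   DEST               PROTO   DEST      SOURCE    ORIGINAL
#                                             PORT(S)   PORT(S)   DEST
DNAT      net      loc:10.10.10.3     tcp     3000
# Forwards tcp/3000 arriving on the net interface (219.90.40.123) to the
# MDaemon host 10.10.10.3 on the same port; nothing else is opened.
```

After editing, run `shorewall check` to validate the configuration and then `shorewall restart` to apply it.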

Author Comment

by:xavierise
Hi all,

Regarding iptables, are you referring to the Linux (firewall) system's iptables? Where can I set/type in these rules - from the console? Sorry, because I only have basic knowledge of Linux and so far have only been using the webadmin (via the web browser) feature to configure the settings...

Anyway, I'll try this by translating your suggestion into the Shorewall settings... any additional comments, please advise...

I'd appreciate it if anyone else could provide a more detailed and precise solution.

thanks..

regards,
Zent

Author Comment

by:xavierise
oh..I've done it...

The biggest problem is that when I try to test the public IP:3000 in the web browser from within my internal network it doesn't work, but when I try from an external connection (a stand-alone machine) it works...

I just don't understand why, from my internal LAN, the address can't be redirected to the web mail service... any idea?


thanks again...

Regards,
Zent

Expert Comment

by:jlevie
When you have a NATing firewall with a server on the inside, the clients on the inside of the firewall will only be able to connect to that server using the inside IP of the server. The usual solution to that problem is to have two namespaces for your domain. One, that uses Internet IPs, is only used by Internet hosts, and the other, that uses inside IPs, is only used by clients inside the firewall. That can be as simple as creating hosts file records for your servers on each inside machine or as complex as running a DNS server on the inside. If you have a limited number of inside machines, say 15-20, the hosts file approach is manageable. If you have a large number of machines, or the inside machines change frequently, a DNS server is a better approach.