Solved

How to configure Shorewall's firewall rules to allow MDaemon web mail access?

Posted on 2003-11-05
Last Modified: 2010-03-18
Hi,

I'm a newbie here... We have an MDaemon email server running on the Windows platform. Currently we need to implement web mail access by activating the WorldClient feature together with port 3000. We have tested it within the internal network by using the web browser with 10.10.10.3:3000 to get web mail access - yes, success, so I assume that the web mail configuration side is OK.

Now we'd like to push to the next level, whereby mobile users can have web mail access from outside. Our vendor has implemented the firewall system (a server with 2 NIC adapters - 1 for broadband & 1 for the internal LAN connection, due to cost saving...) using Red Hat 9 together with the Shorewall package.

And because we are beginners with Linux... we'd like to get some good advice on how to set up the firewall rules so that the above case could be achieved...

Assume we have 1 fixed IP (public IP) for the firewall, 219.90.40.123. We would like our mobile users to type 219.90.40.123:3000 into the web browser and successfully access the web mail service. How can we implement this in the Shorewall rule set, especially how do we configure the DNAT stuff? It would be great if someone could provide a detailed configuration for it...

Thanks in advance...

Regards,
Zent...
Question by:xavierise

4 Comments
 

Accepted Solution

by: jlevie (earned 250 total points)
ID: 9686414
I don't use Shorewall, but I can tell you that the iptables rule to forward the incoming requests to your web mail system would look like this (assuming you only have one outside IP):

# nat table: rewrite the destination of connections arriving on the outside NIC
iptables -t nat -A PREROUTING -i $OUTSIDE -p tcp --dport 3000 -j DNAT --to-destination 10.10.10.3

You might also need a rule to allow inbound connections on port 3000, like this (assuming eth0 is the outside NIC):

# DNAT'd packets traverse the FORWARD chain, not INPUT, so the accept goes
# there and is limited to the web mail host and port
iptables -A FORWARD -i eth0 -d 10.10.10.3 -p tcp --dport 3000 -j ACCEPT
 

Author Comment

by:xavierise
ID: 9691306
Hi all,

Regarding iptables, are you referring to the Linux (firewall) system's iptables... where can I set/type in these rules? Within the console? Sorry, because I've only basic knowledge of Linux and so far have only been using the Webmin feature (with the web browser) to configure the settings...

Anyway, I'll try this by translating your suggestion into Shorewall settings... any additional comments, please advise...

I would appreciate it if anyone else could provide a more detailed & precise solution..

thanks..

regards,
Zent
 

Author Comment

by:xavierise
ID: 9699850
Oh... I've done it...

The biggest problem is that when I try to test public ip:3000 in the web browser from within my internal network it cannot work, but when I try from an external connection (a stand-alone machine) it works...

I just don't understand why, from my internal LAN, the address can't be redirected to the web mail service... any idea?


Thanks again...

Regards,
Zent
 

Expert Comment

by:jlevie
ID: 9701185
When you have a NATing firewall with a server on the inside, the clients on the inside of the firewall will only be able to connect to that server using the inside IP of the server. The usual solution to that problem is to have two namespaces for your domain. One, that uses Internet IPs, is only used by Internet hosts, and the other, that uses inside IPs, is only used by clients inside of the firewall. That can be as simple as creating hosts file records for your servers on each inside machine or as complex as running a DNS server on the inside. If you have a limited number of inside machines, say 15-20, the hosts file approach is manageable. If you have a large number of machines or the inside machines change frequently, a DNS server is a better approach.
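Pulling the two threads together: the Shorewall configuration the question asked for (the accepted answer only gave raw iptables), and the loopback or "hairpin" variant Shorewall supports for the second problem, LAN clients browsing to the public IP. This is an added example, not code from the thread or from the Shorewall project. It assumes eth0 is the outside NIC (zone net), eth1 is the inside NIC (zone loc), the LAN is 10.10.10.0/24 and the firewall's policy drops unsolicited traffic from net; none of those details are stated above. The script only renders configuration text and applies nothing to a live firewall.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Shorewall project.
# Renders the Shorewall entries that publish MDaemon WorldClient (TCP 3000)
# through a two-NIC firewall, the hairpin variant for LAN clients that use the
# public address, and the raw iptables equivalent for comparison. Nothing here
# touches a live firewall; it only prints configuration text.
#
# Assumptions (not stated in the thread):
#   /etc/shorewall/interfaces maps zone "net" to eth0 (outside) and "loc" to
#   eth1 (inside); the LAN is 10.10.10.0/24; /etc/shorewall/policy drops
#   unsolicited traffic from net, so only the rules below open anything.
OUTSIDE_IF=eth0
INSIDE_IF=eth1
PUBLIC_IP=219.90.40.123
SERVER_IP=10.10.10.3
LAN=10.10.10.0/24
WC_PORT=3000

# /etc/shorewall/rules entry for Internet clients. Shorewall's DNAT action
# compiles to both the nat PREROUTING rewrite and the FORWARD accept, so this
# one line does the work of the two iptables commands rendered below.
shorewall_rules() {
    printf '#ACTION  SOURCE  DEST                      PROTO  DEST PORT  SOURCE PORT  ORIGINAL DEST\n'
    printf 'DNAT     net     loc:%s:%s   tcp    %s\n' "$SERVER_IP" "$WC_PORT" "$WC_PORT"
}

# Hairpin entry: the same rewrite for LAN clients browsing to the public IP.
# ORIGINAL DEST pins it to the firewall's public address so ordinary
# loc->loc traffic on port 3000 is left alone.
shorewall_hairpin_rules() {
    printf 'DNAT     loc     loc:%s:%s   tcp    %s       -            %s\n' \
        "$SERVER_IP" "$WC_PORT" "$WC_PORT" "$PUBLIC_IP"
}

# /etc/shorewall/masq entry the hairpin depends on: without it the server
# would answer the LAN client directly with 10.10.10.3 as source, an address
# the client never connected to, so the client resets the handshake.
# Masquerading LAN sources on the inside NIC forces replies back through
# the firewall, where the NAT is undone.
shorewall_hairpin_masq() {
    printf '#INTERFACE  SUBNET\n'
    printf '%s        %s\n' "$INSIDE_IF" "$LAN"
}

# Raw iptables equivalent of the net->loc entry. Note there is no INPUT rule:
# the firewall itself is never the destination, forwarded packets hit FORWARD,
# and the accept names the server and port rather than 0/0.
iptables_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $OUTSIDE_IF -d $PUBLIC_IP -p tcp --dport $WC_PORT -j DNAT --to-destination $SERVER_IP:$WC_PORT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $OUTSIDE_IF -o $INSIDE_IF -d $SERVER_IP -p tcp --dport $WC_PORT -m state --state NEW -j ACCEPT
EOF
}

render_all() {
    echo "# /etc/shorewall/rules"
    shorewall_rules
    shorewall_hairpin_rules
    echo
    echo "# /etc/shorewall/masq (only needed for the hairpin entry)"
    shorewall_hairpin_masq
    echo
    echo "# raw iptables equivalent of the net->loc entry"
    iptables_rules
}

render_all
```

Shorewall regenerates the whole iptables rule set on `shorewall restart`, so commands typed at the console (such as the iptables rules in the accepted answer) do not survive; the entry belongs in /etc/shorewall/rules. Two caveats a practitioner should weigh: the hairpin masquerade hides LAN clients' addresses from WorldClient's logs, so the split-namespace approach in the last comment is the cleaner choice when you need to know who logged in from where; and 219.90.40.123:3000 is plain HTTP, so mailbox passwords cross the Internet in clear unless the service is put behind TLS.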
