Hi
I have a couple of questions, but first I'll describe my simple setup. I
got a Debian Etch gateway with two NIC's; eth0 192.168.1.1/24 (LAN),
eth0:1 192.168.2.1/24 (DMZ), eth1 10.0.0.2 (input from isp router). I've
pasted part of my firewall script here, http://pastebin.ca/1066314
I
left out the variables definitions and cut down on all the different
rules.
Q1) When I access my webserver in DMZ from LAN I can't see the source
address in the webservers log, I only get 192.168.2.1 (DMZ gateway
address). The same happens vice-versa and it's a problem due to ACL and
etc. The strange thing is that it used to work, the source address
appeared, but unfortunately it stopped. I don't know what I've done,
cause the firewall script is still the same rules.
Q2) I would like have a mail server in DMZ, but for now I only got a
working smtp-server. Because of sorbs and reverse lookup I'm forced
relay my mails through my ISP's smtp server and that's no problem as
long as I only have the smtp-setup. But as soon as I redirect ****t 25
down to the mail server in DMZ to receive mails Postfix re****t about
mail loop. That also happens only when I use Postfix for smtp.
I can't see why I can't redirect the ****t. Perhaps cause my ISP answers
on ****t 25 which redirects to my smtp-server. Am I missing something or
is there a work-around?
Q3) I always prefer to only open the ****ts I need, but with SopCat
(video streaming network) I got a "problem". Sopcast connect on 2-3
specific ****ts, but when it comes to streaming the video it uses from
****t 32000 and up (as a new connection). What does you normally do in
those cases, opens all the ****t, cause it makes no real difference?
--
/Lars
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@[EMAIL PROTECTED]
a subject of "unsubscribe". Trouble? Contact
listmaster@[EMAIL PROTECTED]
|
