
iptables & incoming smtp



I'm having trouble with our web/email server receiving SMTP port 25
traffic when it's behind an iptables firewall.

We are currently using a Sonicwall 3-NIC firewall that I want to replace
with iptables so that I can start to use FreeS/WAN.  Currently, the 3
NICs have the following addresses:
WAN port: 63.252.12.11
LAN port: 192.168.1.1
DMZ port: NAT not enabled, but forwards packets to web/email server
(running Ipswitch's IMail 7.15) with address of 63.252.12.39

Currently our ISP is scanning our email for viruses and spam, and they
send all our mail from a server with address 63.252.12.229.

I set up a 3-nic iptables box on RH7.3 kernel 2.4.18-27.7.x with the
following addresses:
WAN port: 63.252.12.39
LAN port: 192.168.1.1
DMZ port: 192.168.200.1

I DNAT incoming ports 25, 80, & 110 to the web/email server with an IP
address of 192.168.200.2

Bringing up web pages both on the LAN and out in the WAN works, as does
POP3 internally.  Sending email to the outside works fine as well. 
However, we can't receive any email from the outside.

I tested incoming mail from my yahoo account through both the Sonicwall
and iptables box.

I plugged my laptop with ethereal between the Sonicwall and the email
server and got an ARP request broadcast originating from 63.252.12.229,
then a response to 63.252.12.229 followed by the TCP handshake and
incoming SMTP packets and their replies.

When I sniffed between my iptables box and the web/email server (having
changed its IP address from 63.252.12.39 to 192.168.200.2 and
determined that web browsing and POP3 were working) I got an ARP request
broadcast originating from 192.168.200.1 (the DMZ NIC) asking who has
192.168.200.2, sending the reply back to 192.168.200.1.

This exchange is never followed by the TCP handshake, nor the SMTP
transmission.  I also sent:
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp # WAN nic
echo 1 > /proc/sys/net/ipv4/conf/eth2/proxy_arp # DMZ nic
per http://www.sjdjweis.com/linux/proxyarp/rc.firewall.txt

but to no avail. 

Any suggestions?

Dan Fleischer
Systems Administrator
Bank & Trust Co.
401 N. Madison St.
Litchfield, IL 62056

Ph. 217-324-3935
http://www.bank-and-trust.com
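An added example, not part of Dan's post: a minimal rule set for the 3-NIC layout he describes (WAN 63.252.12.39, DMZ 192.168.200.1/24, mail/web server 192.168.200.2, ports 25/80/110 published by DNAT). The script emits the iptables commands as text so they can be read before being run, and pairs every PREROUTING DNAT with the FORWARD rule that has to accept the translated packet; with a default-DROP FORWARD policy, a DNAT with no matching FORWARD rule produces exactly the symptom in the post, an ARP exchange on the DMZ side and then nothing. Interface names eth1 (WAN) and eth2 (DMZ) are taken from the proxy_arp lines in the post; eth0 for the LAN, the `-m state` match (ipt_state on 2.4) and the check commands are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the DNAT + FORWARD rules
# for a 3-NIC iptables box; run with "apply" to execute them, "check" to
# print the counters and conntrack entries that show whether port 25 is
# being translated and forwarded.
WAN_IF=eth1                 # from the post's proxy_arp line
DMZ_IF=eth2                 # from the post's proxy_arp line
LAN_IF=eth0                 # assumption
WAN_IP=63.252.12.39
LAN_NET=192.168.1.0/24
DMZ_NET=192.168.200.0/24
DMZ_HOST=192.168.200.2
PORTS="25 80 110"

# One published TCP service: the nat-table DNAT on the WAN side plus the
# filter-table FORWARD rule that lets the translated SYN reach the DMZ host.
# The DNAT alone is not enough when FORWARD defaults to DROP.
publish_tcp() {
    p=$1
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $p -j DNAT --to-destination $DMZ_HOST"
    echo "iptables -A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_HOST -p tcp --dport $p -m state --state NEW -j ACCEPT"
}

# Full rule set, printed one command per line.
fw_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "iptables -F; iptables -t nat -F"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $PORTS; do
        publish_tcp "$p"
    done
    # Outbound from the DMZ (the mail server's own deliveries) and from the
    # LAN, both hidden behind the WAN address by the POSTROUTING SNAT.
    echo "iptables -A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT"
    # LAN clients talk to the DMZ server by its private address for POP3/HTTP.
    echo "iptables -A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_HOST -m state --state NEW -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j SNAT --to-source $WAN_IP"
}

# Number of rules that name a given destination port; each published port
# should have exactly two (one DNAT, one FORWARD ACCEPT).
rules_for_port() {
    fw_rules | grep -c -- "--dport $1 "
}

# After applying: the pkts counter on the port-25 DNAT rule should rise when
# the ISP relay connects, the FORWARD rule's counter should rise with it, and
# /proc/net/ip_conntrack should show the translated flow. The two tcpdumps
# show whether the SYN arrives on the WAN side and whether it leaves on the
# DMZ side with the private destination.
fw_checks() {
    echo "iptables -t nat -L PREROUTING -n -v"
    echo "iptables -L FORWARD -n -v"
    echo "grep 'dport=25' /proc/net/ip_conntrack"
    echo "echo 'tcpdump -ni $WAN_IF port 25   # run this in one terminal'"
    echo "echo 'tcpdump -ni $DMZ_IF port 25   # and this in another'"
}

case "$1" in
    apply)  fw_rules | sh ;;
    check)  fw_checks | sh ;;
    *)      fw_rules ;;
esac
```

Two things worth noting about the layout. First, proxy_arp is what the Sonicwall-style setup needs, where the public address 63.252.12.39 lives on the DMZ host and the firewall has to answer ARP for it on the WAN segment; once the server has been renumbered to 192.168.200.2 and eth1 itself owns 63.252.12.39, the firewall answers the relay's ARP for that address as its own interface, so the two proxy_arp echo lines can go back to 0 and will not help with a missing FORWARD rule. Second, if the FORWARD counter for port 25 stays at zero while the PREROUTING DNAT counter climbs, the packet is being translated and then dropped in the filter table; if neither moves, the SYN is not reaching eth1 at all and the problem is upstream of iptables.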