Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Walid Moghrabi on November 23, 2001, 12:22:57 PM

Title: Setting up a firewall/SMTP gateway
Post by: Walid Moghrabi on November 23, 2001, 12:22:57 PM

Hi,

I know certainly most of my questions are more or less answered in this forum but I am in a real hurry, I have to set up a firewall/SMTP gateway asap as I am currently beeing attacked by spammers and I had no other choice than shutting down my mail server (crappy Exchange 5.5 but in a complicated organisation which don't let me add routing rules easily ...)

Here is what I want :

I have a permanent Internet Radio Waves connection and the receiver is a simple LAN<->WAN router with a local IP adress (10.0.0.xxx) and a WAN adress (217.112.xxx.xxx).
Inside my network, I have a SMTP server which is open relay and which I cant' close for some specific reasons so I want to send/receive mails from/to this server using the firewall as a SMTP gateway which is secured and not open relay.
My current smtp server is IP 10.0.0.yyy.

I also have a Microsoft TS in my network which (unfortunately) MUST stay accessible via the Internet.

What I was wanting is placing the firewall between my LAN and my router by giving him two LAN adresses (one for my LAN and one for my router), plug the router directly on eth1 and the LAN on eth0.

So, If I sum up the story, I want to let all the outgoing ports open and only the incoming 25 and 3389 ports open and mapped like this : /25 and /3389.

I want to let the port 25 open simply for the transition, just 2-3 days, the time that the worldwide DNSs knows my new SMTP server aka the firewall.

Question : is my firewall currently able to receive mails and forward them to my internal server ? (according that I already owned a public IP for it and that the DNSs are okay)

I really need your help and this is very urgent so please, do not hesitate to answer or contact me directly there : walidm@sport-away.com

Thanks

Title: Re: Setting up a firewall/SMTP gateway
Post by: enigma on November 24, 2001, 04:25:08 AM

Hi there,
If I estimate your questions and requirements correctly you *will* have to make a few mods to the e-smith box.

1     “If I sum up the story, I want to let all the outgoing ports open and only the incoming 25 and 3389 ports open and mapped like this : /25 and /3389”
If you add the transparent proxy module + set as the default gateway to your lan + add the port forwarding modules , take a sniff round the contributed modules/rpms/howto's and particularly look at the how to by Darrel May on this one

2     is my firewall currently able to receive mails and forward them to my internal server ? (according that I already owned a public IP for it and that the DNSs are okay) Have a look at http://youresmith:980/server-manager/cgi-bin/emailretrieval  and or http://youresmith:980/server-manager/cgi-bin/otheremail (changing the name youresmith with your settings, and fill in the delegate mail server settings this should accomplish this.

I hope this helps - ?anybody else have any comments?