I'm not an expert on firewalls, but your mail server works on port 25 (SMTP), which needs to be passed through by your firewall. I'm sure that Derek, Paul and Mike will probably respond in much more detail. I personally prefer a dedicated firewall with no other services, but you can run the mail software on the firewall box itself.

On 8 Feb 2002 at 9:43, greenberg at hcfama.org wrote:

> Hoping someone can help me clarify a problem I am having setting
> up a firewall.
>
> I want to put our mail server (qmail) behind an iptables-based
> firewall as part of a dmz. Our LAN uses a separate range of private
> ips. They are physically segregated running through separate NICs.
>
> I tried it out last night. I could send mail from the LAN to the mail
> server. I could pop mail from the LAN. I could receive mail from
> the internet. I could not send mail to the internet (the mail did get
> to the server, but sat in the qmail queue).
>
> In retrospect, I am wondering whether the problem was actually
> DNS-related. We use a DNS server OUTSIDE our network, i.e. on
> the internet. I was allowing traffic out on port 53 from the mail
> server, but not allowing it in. Would this have prevented SMTPD
> from being able to resolve email addresses to ips, and thus
> queuing the mail on the server?
>
> Sorry for being long-winded, just trying to be clear...
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss

Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org
PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
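
The setup described in the quoted question, written out as a forwarding ruleset. This is an added example, not part of the original thread: it shows the stateful rule that lets replies to the mail server's outbound DNS and SMTP traffic back in without opening port 53 inbound. Interface names, the mail server address (a documentation address) and a routed DMZ with NAT handled elsewhere are all assumptions.

```shell
#!/bin/sh
# Added example: FORWARD rules for a mail server in a DMZ behind iptables.
# Every name and address below is an assumption, constructed for illustration.
IPT="${IPT:-echo iptables}"          # dry run by default; set IPT=iptables (as root) to apply
WAN_IF="${WAN_IF:-eth0}"             # assumed internet-facing NIC
DMZ_IF="${DMZ_IF:-eth1}"             # assumed DMZ NIC
LAN_IF="${LAN_IF:-eth2}"             # assumed LAN NIC
MAIL_IP="${MAIL_IP:-192.0.2.25}"     # constructed mail server address (TEST-NET-1)

dmz_mail_rules() {
    # Default-deny for anything routed through the firewall.
    $IPT -P FORWARD DROP

    # Return traffic for connections permitted below. Without this rule the
    # DNS queries leave on port 53 but the answers are dropped on the way back.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Mail server -> external DNS (UDP, plus TCP for large answers).
    for proto in udp tcp; do
        $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$MAIL_IP" \
             -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
    done

    # Mail server -> internet SMTP (outbound delivery).
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$MAIL_IP" \
         -p tcp --dport 25 -m state --state NEW -j ACCEPT

    # Internet -> mail server SMTP (inbound delivery).
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$MAIL_IP" \
         -p tcp --dport 25 -m state --state NEW -j ACCEPT

    # LAN -> mail server: SMTP submission and POP3 only.
    for port in 25 110; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -d "$MAIL_IP" \
             -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}
```

Calling `dmz_mail_rules` with the defaults prints the eight commands for review instead of changing the running firewall.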