[NTLUG:Discuss] Port forwarding with IPCop

Bobby Wrenn bjwrenn at augustmail.com
Fri Feb 27 14:37:59 CST 2004


Greg Edwards wrote:
> Bobby Wrenn wrote:
> 
>> I am having trouble with my new DMZ setup.
>>
>>
>>         WORLD
>>           |
>>        Firewall machine with 3 NICs running IPCop Static IP
>>           |
>>      _____|_________
>>     |               |
>> Internal LAN        |
>> 192.168.1.0/24    Servers (Apache and Postfix)
>>                   192.168.2.0/24
>>
>> On the firewall I have the following set up for forwarding.
>>
>> TCP DEFAULT IP : 25(SMTP) > 192.168.2.2 : 25(SMTP)
>> TCP DEFAULT IP : 110(POP3) > 192.168.2.2 : 110(POP3)
>> TCP DEFAULT IP : 80(HTTP) > 192.168.2.2 : 80(HTTP)
>>
>> I think these are correct. However, I can't retrieve mail from Servers 
>> on Internal LAN. The error indicates "Connection refused".
>>
>> I'm sure I'm missing something simple. But it's been a few years since 
>> I have tried to mess with this. What am I missing?
>>
>> TIA
>> Bobby
>>
> 
> I would start by making sure your addresses resolve.  When you run "host 
> mailserver" from a station inside what do you get back?
> 
> I run 2 DNS servers, one for outside and one for inside, to resolve the 
> problem of services shared on both sides of the firewall.
> 
Running "host mail.wrennest.com" returns "mail.wrennest.com has address
216.87.150.158". This is the external address of the system. I have not
tried to do DNS internally because that was one more thing to learn that 
I could push off to someone else for a small fee.

This is the same DNS arrangement that worked with the old system.
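
Added example, not part of the original thread or of IPCop: a small Python check that parses the forwarding rules as posted and reports where a connection is aimed, given the client's address and the address the name resolved to. The function names and the client addresses in the demo (192.168.1.10, 203.0.113.7) are constructed for illustration; the networks, rules and resolved address are the ones quoted above.

```python
import ipaddress
import re

# Networks and forwarding rules exactly as posted in the thread.
INTERNAL_LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
FORWARDS = """\
TCP DEFAULT IP : 25(SMTP) > 192.168.2.2 : 25(SMTP)
TCP DEFAULT IP : 110(POP3) > 192.168.2.2 : 110(POP3)
TCP DEFAULT IP : 80(HTTP) > 192.168.2.2 : 80(HTTP)
"""
RULE = re.compile(r"^(TCP|UDP) DEFAULT IP : (\d+)\(\w+\) > ([\d.]+) : (\d+)\(\w+\)$")

def parse_forwards(text):
    """Return {external_port: (proto, dmz_ip, dmz_port)} from the rule lines."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            proto, ext_port, ip, port = m.groups()
            rules[int(ext_port)] = (proto, ipaddress.ip_address(ip), int(port))
    return rules

def check(client_ip, resolved_ip, port, rules):
    """Describe where a client's connection to resolved_ip:port is aimed."""
    client = ipaddress.ip_address(client_ip)
    target = ipaddress.ip_address(resolved_ip)
    inside = client in INTERNAL_LAN or client in DMZ
    if target in DMZ:
        return "direct: name resolves to the DMZ host, no port forward involved"
    if target.is_private:
        return "unexpected: private address outside the DMZ"
    if port not in rules:
        return "no forward: nothing is published on this port"
    if not inside:
        return "forwarded: outside client reaches %s:%d via the firewall" % rules[port][1:]
    # Inside client aimed at the external address: the case in the thread.
    return "inside-to-external: an inside DNS view should answer %s instead" % rules[port][1]

if __name__ == "__main__":
    rules = parse_forwards(FORWARDS)
    # Constructed client addresses; the resolved address is the one reported above.
    print(check("192.168.1.10", "216.87.150.158", 110, rules))
    print(check("203.0.113.7", "216.87.150.158", 25, rules))
```
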
