Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: ipcop 1.4.10 CUSTOM chain

ipcop 1.4.10 CUSTOM chain 12 years 6 months ago #13933

  • lc4523
  • lc4523's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 5
  • Thank you received: 0
Hello everybody i'am new here.... and i need help. pls help :oops:
I install ipcop 1.4.10 with red (eth1), orange (eth2) and green (eth0) interface.

red = public ip (202.57.4.a) 255.255.255.224
orange = private ip (172.16.1.b) 255.255.0.0
green = private ip (192.168.0.c) 255.255.255.0
mx record on dns = 202.57.1.d (the ip given by my internet provider also)

i put mail server in dmz (orange) with ip 172.16.1.e

so i put my private rule at rc.firewall.local , like below

iptables -A CUSTOMINPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.57.1.d --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A CUSTOMOUTPUT -p tcp -s 202.57.1.d --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -t nat -A CUSTOMPREROUTING -i eth1 -p tcp -s 0/0 --sport 1024:65535 -d 202.57.1.d --dport 25 -j DNAT --to-destination 172.16.1.e:25

iptables -t nat -A CUSTOMPOSTROUTING -i eth2 -p tcp -s 172.16.1.e --sport 1024:65535 -d 0/0 --dport 25 -j SNAT --to-source 202.57.1.d

then i restart ipcop, but when i type iptables -nL there's only CUSTOMINPUT and CUSTOMOUTPUT rule,.. i dont see my CUSTOMPREROUTING and CUSTOMPOSTROUTING rule

thank you very much in advance

Cahyo :)

Re: ipcop 1.4.10 CUSTOM chain 12 years 6 months ago #13950

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
Welcome to firewall.cx, lc4523. When you use [code:1]iptables -L[/code:1]
it only lists the rules for the chains in the default "filter" table. In order to list the rules relating to the CUSTOMPREROUTING and CUSTOMPOSTROUTING chains which are in the "nat" table you will need to use the "-t" option as follows:[code:1]iptables -L -t nat[/code:1]

ipcop 1.4.10 CUSTOM chain 12 years 6 months ago #13951

  • lc4523
  • lc4523's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 5
  • Thank you received: 0
thank you for response me.. yes i'am very new in firewall and iptables and thanks again for answer me :), ok now i can see all my rules, but when i try to send from yahoo the yahoo said "Sorry, I wasn't able to establish an SMTP connection. (#4.4.1)
I'm not going to try again; this message has been in the queue too
long. " , but if i send to yahoo the message delivered sucessfully.

thanks2 "and sorry for my bad english"
Cahyo :roll:

it works now 12 years 6 months ago #13952

  • lc4523
  • lc4523's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 5
  • Thank you received: 0
ok.. now i can receive email from outsite by openning the port forwarding.... and how about the external access.. is it important to configure it... thanks

cahyo

Re: ipcop 1.4.10 CUSTOM chain 12 years 6 months ago #13962

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
"Port Forwarding" and "External Access" serve different purposes. Port Forwarding is where you set up access controls for hosts behind your IPCOP. External Access on the other hand, handles access to the IPCOP itself e.g. Remote SSH access or HTTPS. So unless you want to access the IPCOP itself from a remote location, you do not need to bother with the External Access settings.

thanks 12 years 6 months ago #14007

  • lc4523
  • lc4523's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 5
  • Thank you received: 0
ok thanks i understand now

Cahyo
  • Page:
  • 1
Time to create page: 0.148 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup