TOPIC: ipcop 1.4.10 CUSTOM chain

ipcop 1.4.10 CUSTOM chain 10 years 8 months ago #13933

  • lc4523
  • lc4523's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Hello everybody, I'm new here... and I need help. Please help :oops:
I installed IPCop 1.4.10 with red (eth1), orange (eth2) and green (eth0) interfaces.

red = public ip (202.57.4.a) 255.255.255.224
orange = private ip (172.16.1.b) 255.255.0.0
green = private ip (192.168.0.c) 255.255.255.0
MX record on DNS = 202.57.1.d (the IP given by my internet provider also)

I put the mail server in the DMZ (orange) with IP 172.16.1.e

So I put my private rules in rc.firewall.local, like below:

iptables -A CUSTOMINPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.57.1.d --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A CUSTOMOUTPUT -p tcp -s 202.57.1.d --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -t nat -A CUSTOMPREROUTING -i eth1 -p tcp -s 0/0 --sport 1024:65535 -d 202.57.1.d --dport 25 -j DNAT --to-destination 172.16.1.e:25

iptables -t nat -A CUSTOMPOSTROUTING -i eth2 -p tcp -s 172.16.1.e --sport 1024:65535 -d 0/0 --dport 25 -j SNAT --to-source 202.57.1.d

Then I restarted IPCop, but when I type iptables -nL there are only the CUSTOMINPUT and CUSTOMOUTPUT rules... I don't see my CUSTOMPREROUTING and CUSTOMPOSTROUTING rules.

Thank you very much in advance.

Cahyo :)

Re: ipcop 1.4.10 CUSTOM chain 10 years 8 months ago #13950

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
Welcome to firewall.cx, lc4523. When you use [code:1]iptables -L[/code:1] it only lists the rules for the chains in the default "filter" table. In order to list the rules relating to the CUSTOMPREROUTING and CUSTOMPOSTROUTING chains, which are in the "nat" table, you will need to use the "-t" option as follows: [code:1]iptables -L -t nat[/code:1]

ipcop 1.4.10 CUSTOM chain 10 years 8 months ago #13951

  • lc4523
  • lc4523's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Thank you for responding to me. Yes, I am very new to firewalls and iptables, and thanks again for answering me :). OK, now I can see all my rules, but when I try to send from Yahoo, Yahoo said "Sorry, I wasn't able to establish an SMTP connection. (#4.4.1)
I'm not going to try again; this message has been in the queue too
long.", but if I send to Yahoo the message is delivered successfully.

Thanks, and sorry for my bad English.
Cahyo :roll:

it works now 10 years 8 months ago #13952

  • lc4523
  • lc4523's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
OK, now I can receive email from outside by opening the port forwarding... And how about the external access, is it important to configure it? Thanks

Cahyo

Re: ipcop 1.4.10 CUSTOM chain 10 years 8 months ago #13962

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Posts: 1302
  • Karma: 1
"Port Forwarding" and "External Access" serve different purposes. Port Forwarding is where you set up access controls for hosts behind your IPCOP. External Access on the other hand, handles access to the IPCOP itself e.g. Remote SSH access or HTTPS. So unless you want to access the IPCOP itself from a remote location, you do not need to bother with the External Access settings.

thanks 10 years 7 months ago #14007

  • lc4523
  • lc4523's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
OK, thanks, I understand now.

Cahyo